SOC Manager

A leading gaming sector organisation undergoing a significant cybersecurity transformation. The SOC has recently transitioned from a third-party MSSP to a fully in-house 24/7 operation. Operating under strict Gaming Commission oversight, this is one of the UK's most highly regulated environments, with a strong focus on resilience, compliance, and operational excellence.

Key responsibilities • Lead, mentor, and develop a team of SOC analysts in a 24/7 operational environment across a three-shift rotation • Own and enhance incident detection and response capabilities • Act as senior decision-maker during major incidents and crisis situations • Develop and implement SOC use cases aligned to the MITRE ATT&CK framework • Drive continuous improvement across SOC processes, tooling, and playbooks • Collaborate with Security Engineering to optimise detection pipelines • Build strong relationships with stakeholders across technology and the wider business • Partner with the Major Incident Manager on critical security events • Support regulatory compliance, audit requirements, and contribute to strategic direction Experience • Proven experience managing SOC or security operations teams • Strong background in incident response and crisis management • Background in highly regulated environments (Gaming, Financial Services, Utilities) Technical skills • Demonstrated ability to operate effectively in high-pressure situations Technical skills • SIEM platforms — Sentinel, Splunk, Elastic or similar • SOC operations, detection engineering, and security tooling • MITRE ATT&CK framework and use case development • Demonstrated ability to operate effectively in high-pressure situations • Security pipelines, integrations, and emerging AI/LLM in cybersecurity Soft skills •Strong leadership and people development capabilities • Confident and decisive under pressure • Excellent stakeholder management and communication • Collaborative, personable, and resilient mindset Technical environment • SIEM platforms — Microsoft Sentinel, Splunk, Elastic (SIEM transition in progress; training provided) • Modern security operations tooling and detection engineering practices • Emerging focus on AI/LLM applications within security operations Working arrangements • Hybrid model — minimum 1 day per week onsite in Warrington • Flexibility offered, with initial emphasis on building strong in-person relationships • New state-of-the-art office and dedicated SOC facility opening May/June 2026