Join to apply for the

Senior SOC Analyst (Team Leader)

role at

ClaranetAs a Senior SOC Analyst (Team Leader), you apply your advanced security operations expertise to lead a team of SOC Analysts while performing advanced investigations and, when required, first-line triage to maintain queue health and SLA compliance. You are responsible for high-quality service delivery through detailed analysis, evidence-led response actions, and operational leadership. In addition to handling escalated alerts, you provide line management, oversee ticket quality, contribute to training and onboarding, and drive continual improvement. You work core business hours with participation in the on-call rota, ensuring consistent service support for customers and operational continuity across teams.Responsibilities

Incident Investigation and Response – take ownership of escalated incidents, performing detailed investigations and, when necessary, stepping into first-line triage to guarantee prompt alert handling and escalation.Team Leadership – provide day-to-day leadership and line management for a team of SOC Analysts, conducting performance reviews, appraisals, one-to-one meetings, and development planning.Quality Assurance – own QA for the team’s outputs, ensuring consistency, accuracy, and completeness of incident handling and documentation across the team.Training and Onboarding – lead knowledge-transfer sessions, support structured onboarding of new team members, and coordinate internal training to drive skill development and reinforce SOC best practices.Continual Improvement – identify opportunities to optimise workflows, enhance detection logic, and contribute to service-improvement initiatives across the SOC, including backlog reduction, knowledge-base expansion, and feedback loops from lessons learned.Customer Communications – provide timely incident updates and lead bridging calls with customers during high-priority incidents, ensuring communications are clear, evidence-led, and aligned to customer expectations.Threat Hunting Oversight – lead and coordinate proactive threat hunting across customer environments, using hypothesis-based approaches to identify undetected threats and validate detection coverage.Advanced Investigation and Escalated Response – perform in-depth investigations using correlated data from all available tooling; reconstruct attack chains and identify root causes using MITRE ATTandCK; recommend and coordinate response actions to mitigate impact during active incidents.IOC and Threat Analysis – investigate indicators of compromise using commercial and open-source threat intelligence; validate alerts and determine their relevance to customer environments, providing context on adversary behaviour and recommending follow-up actions; lead and participate in threat hunts using hypothesis-driven approaches mapped to TTPs and MITRE ATTandCK; leverage telemetry and queries to identify suspicious indicators; document hunting activities and findings to support tuning and continual detection improvement; provide feedback and coaching on triage techniques, escalation decisions, and ticket quality; monitor performance, manage formal HR processes, and support professional development through regular one-to-ones and quarterly appraisals; provide concise on-call handovers and status reporting to maintain continuity between core and shift teams, escalating risks or operational issues as needed.Documentation and Reporting – ensure clear, evidence-based documentation of incidents and investigations, including rationale for response actions and IOC validation; perform case-closure quality assurance; support knowledge-base development and post-incident reporting activities to capture reusable insights for future handling and onboarding.Position Specification

Required Qualifications and Experience

UK Non-Police Personnel Vetting (NPPV) and/or Security Check (SC) clearance may be required.A minimum of 4+ years of SOC operational experience, with demonstrated ability across security analysis, incident response, and working escalated cases.Proven leadership capability with experience line managing analysts, conducting performance reviews, and overseeing HR-related duties.Experience providing ticket quality assurance and training delivery.Familiarity with leading SIEM, endpoint and XDR security platforms, in multi-tenant MSSP environments.Willingness to obtain or hold relevant security certifications, such as SBT BTL2 and CREST CRIA.Technical Knowledge

Operating Systems – Proficient with Windows and Linux environments; able to interpret logs, assess process behaviour, and identify privilege misuse.Endpoint Tools – Experience in endpoint detection and response across diverse customer environments, including alert triage, telemetry analysis, and supporting threat response.SIEM and Log Correlation – Detailed analysis within multi-tenant SIEM environments, interpreting data from diverse sources (network, identity, endpoint).Detection and Threat Hunting – Plan and execute threat hunting using ATTandCK-aligned techniques with telemetry to investigate anomalous activity and validate detection coverage.Networking Fundamentals – Understand core protocols (TCP/IP, DNS, HTTP), packet analysis, and log interpretation from firewalls, switches, and proxies.Incident Response Process – Familiar with the full incident response lifecycle and able to support investigation, containment, and recovery under defined playbooks.Threat Intelligence – Consume and apply threat intelligence sources to enrich investigations and proactive improvements.Automation and Scripting – Understand scripting (PowerShell, Python, Bash) to support investigation and automate tasks.Behavioural and Professional Competencies

Communication – Lead customer conversations during active incidents and translate technical details into clear, defensible recommendations.Team Leadership – Provide structure, guidance, and feedback to analysts; drive knowledge sharing through documentation and training.Decision Making – Lead investigations and make timely, evidence-led decisions about escalation or containment.Adaptability – Pivot across customers, technologies, and attacker behaviours in a fast-paced MSSP environment.Customer Empathy and Commercial Awareness – Understand operational and business impact of incidents; prioritise investigation and response actions accordingly.Problem Solving – Investigate and resolve complex issues across endpoint, network, and SIEM data with a risk-informed mindset.Professional Development and Career Progression

Claranet supports ongoing professional growth. As a Senior SOC Analyst (Team Leader), you are encouraged to build advanced investigative, technical and leadership skills, and play a key role in driving continual improvement within the SOC. You may progress into a Principal SOC Analyst or technical specialist role, or expand into engineering or service leadership, depending on your strengths and interests.

#J-18808-Ljbffr