Lead Specialist, Security Operations

Role Summary:

The Security Operations Center (SOC) is seeking a highly skilled and proactive to lead day-to-day security operations drive continuous process improvement and advance detection engineering across Pearsons environments. This role is pivotal in safeguarding critical assets through rapid incident response automation and collaboration with internal and external partners. You will be responsible for refining SOC processes developing detection capabilities and ensuring alignment with Pearsons security standards and regulatory requirements.

Key Responsibilities:

Security Operations Leadership:
Lead and execute advanced SOC operations including incident detection triage containment and root cause analysis across Pearson environments.

Detection Engineering & Automation:
Develop implement and optimize detection logic playbooks and automated response workflows to reduce mean time to containment and improve SOC efficiency.

Process Improvement:
Continuously assess and enhance SOC processes and procedures ensuring best practices and alignment with evolving threat landscapes.

Threat Intelligence Integration:
Collaborate with threat intelligence teams to analyze emerging risks and integrate relevant TTPs (Tactics Techniques and Procedures) into SOC operations.

Stakeholder Engagement:
Act as a trusted advisor to internal stakeholders translating technical findings into actionable insights and ensuring transparency throughout security operations.

Compliance & Governance:
Ensure all SOC activities comply with relevant standards (e.g. NCSC Cyber Essentials Plus) and internal Pearson policies.

Reporting & Metrics:
Deliver executive-level reporting risk assessments and metrics to demonstrate the effectiveness of SOC operations.

Required Skills & Experience:

• Proven experience in security operations incident response and detection engineering
• Hands-on expertise with SOAR EDR NDR and SIEM technologies
• Experience with one or more Cloud Service Providers (AWS Azure GCP)
• Strong background in multitasking adapting and thriving in fast-paced environments
• Excellent communication skills especially in stakeholder management and translating technical risk to non-technical audiences
• SANS GCIH certification or equivalent

Preferred Qualifications:

• Experience working with regulated environments or government clients
• Knowledge of cloud security (AWS Azure GCP) and hybrid infrastructure
• Experience collaborating with red/purple teams and defensive teams