Team Lead, SOC

NCC Group

Job Location: Madrid - Spain

Monthly Salary: Not Disclosed
Posted on: 9 days ago
Vacancies: 1 Vacancy

Job Summary

We are seeking a highly skilled and motivated Security Analyst Team Lead to guide and support our security operations team. The successful candidate will provide leadership, management, technical expertise and mentorship to a team of security analysts, ensuring effective investigation of alerts, escalation to our customer and continuous improvement of security operations.

They must demonstrate the ability to confidently manage and mentor junior analysts at both R1 and R2 levels, providing guidance, oversight and support in day-to-day operations. Strong leadership skills should be complemented by excellent communication and stakeholder management capabilities.

As the role and wider team are fully remote, the ability to communicate clearly, consistently and effectively, both verbally and in writing, is essential for successful collaboration and leadership in a distributed environment. They should be highly capable of producing clear, thorough and high-quality documentation, including incident reports, standard operating procedures and technical playbooks. Familiarity with security frameworks such as MITRE ATT&CK, NIST or ISO 27001 is expected.

We are looking for a self-starter: someone who fully embraces and owns their work, takes the initiative and pulls people together towards the main goal.

This role involves working on a rotating shift pattern that includes both day and night shifts, as well as occasional on-call duty. As part of their responsibilities, the candidate will be expected to directly investigate security tickets, ensuring timely and thorough analysis, appropriate escalation and effective resolution. A hands-on approach to incident handling is essential, as is the ability to work independently during out-of-hours shifts.

The candidate will be responsible for validating filtering and tuning opportunities within the detection environment to reduce false positives and enhance alert fidelity. The role therefore requires strong analytical skills, technical proficiency and a commitment to continuous learning in a dynamic security environment, using Splunk as the SIEM of choice.

Key Responsibilities

  • Lead and mentor a team of security analysts across R1 and R2 levels, providing day-to-day oversight, technical guidance and performance support.
  • Manage the analysts within your team, ensuring timely reports on performance and areas for improvement.
  • Oversee and support the end-to-end alert lifecycle, including triage, investigation, escalation to the customer and incident follow-up.
  • Ensure all analysts adhere to defined processes and standards for security operations, documentation and communication.
  • Validate and implement filtering and tuning opportunities in the Splunk SIEM to improve detection fidelity and reduce false positives.
  • Drive the creation and maintenance of high-quality documentation, including incident reports, investigation summaries, playbooks and SOPs.
  • Act as a key escalation point for complex security events, providing senior-level insight and technical direction during investigations.
  • Collaborate with other teams and stakeholders to ensure seamless communication and alignment on security posture, risks and incident handling.
  • Promote a culture of continuous learning, encouraging team members to develop their skills and stay current with emerging threats and technologies.
  • Contribute to the development and refinement of use cases, detection logic and threat coverage aligned to frameworks such as MITRE ATT&CK.
  • Support a remote-first team environment by communicating clearly, proactively and consistently across multiple collaboration platforms.

Skills, Knowledge & Expertise

The ideal candidate has experience working in a cyber security environment; a senior SOC analyst, data engineer, detection engineer or similar role would be suitable. They are a proactive and experienced security professional with a strong background in security operations and a passion for team leadership. They are confident in managing and mentoring junior analysts across R1 and R2 levels, providing both strategic direction and hands-on support. With exceptional communication skills, they thrive in a fully remote environment, maintaining clear, consistent and effective collaboration with team members and external stakeholders, and regularly communicating with the EMC manager to ensure alignment and transparency.

Technically proficient, the candidate brings deep knowledge of security operations tools and practices, with a particular focus on Splunk as the SIEM of choice. They are adept at identifying and validating tuning and filtering opportunities to reduce false positives and improve detection accuracy. A detail-oriented mindset ensures their documentation, whether incident reports, playbooks or procedures, is thorough, professional and actionable.

They are well-versed in security frameworks such as MITRE ATT&CK, NIST or ISO 27001, and possess strong analytical skills and a commitment to continuous learning in a fast-paced threat landscape. Above all, they are a reliable team leader who takes ownership of outcomes and actively contributes to the growth and maturity of the SOC.

Minimum Requirements
  • Experience in a SOC analyst, detection engineer, data engineer or similar role.
  • Strong command of Splunk's Search Processing Language (SPL).
  • Strong understanding of Content Delivery Networks (CDNs) and AWS cloud technologies.
Desirable Requirements
  • Hands-on experience with Splunk SIEM, including alert triage, investigation, tuning, filtering and rule development
  • Strong analytical and investigative skills for assessing security alerts, tickets and incident data
  • Familiarity with established security frameworks such as MITRE ATT&CK, NIST and ISO 27001
  • Experience in tuning and optimising detection content to reduce false positives and enhance alert fidelity
  • Capable of drafting and maintaining clear, thorough and professional technical documentation
  • Strong understanding of common cyber threats and their tactics, techniques and procedures (TTPs)
  • Technically proficient in troubleshooting complex alerts and contributing to detection engineering initiatives
Desirable Certifications
  • Splunk Core Certified Power User
  • CompTIA CySA+
  • CompTIA SecurityX
  • Blue Team Level 2 (BTL2)
  • GCIH
Behaviours
  • Demonstrates strong investigative instincts, able to piece together disparate data to uncover patterns, anomalies and malicious activity.
  • Challenges assumptions and seeks root causes, not surface-level symptoms, when identifying potential threats.
  • Adds value: goes beyond the minimum requirements to provide solutions and contributions that enhance the customer's success and growth.
  • Strong leadership and team management abilities, with proven experience mentoring and guiding R1 and R2 level security analysts
  • Capable of managing and prioritising workloads across a rotating shift pattern, including both day and night shifts
  • Excellent verbal and written communication skills, essential for effective collaboration in a fully remote, distributed team environment
  • Clear and consistent stakeholder engagement and reporting capabilities
  • Skilled in producing high-quality documentation, including incident reports, standard operating procedures (SOPs), playbooks and investigation summaries
  • Confident in conflict resolution and decision-making, and in acting as the escalation point during complex security incidents
  • Proactive in identifying areas for team and process improvement, with a commitment to continuous service enhancement
  • Ability to foster a culture of continuous learning and professional development within the team
  • Self-motivated and dependable when working independently, particularly during out-of-hours or high-pressure situations
  • Strong organisational and time management skills, ensuring adherence to deadlines and service level agreements (SLAs)

Job Benefits

  • Flexible Working: Balance your work and personal life with our flexible working options.
  • Generous Holiday Allowance: Enjoy 25 days of holiday plus bank holidays, with the option to buy up to 5 additional days of annual leave.
  • Medicash & Critical Illness Scheme
  • Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance and Share Save Scheme.
  • Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
  • Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
  • Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
  • Special Time Off: Take time off for those big moments in life, like getting married or entering into a civil partnership, becoming a grandparent and welcoming home a new pet.
  • Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
