SOC Engineering Lead
Listed on 2026-02-17
Job Title: SOC Engineering Lead
Location: London, UK
Grade: GG11
Referral Bonus: £5,000
Overview
BAE Systems are bidding to undertake the day‑to‑day operation of (and incremental improvement of) a dedicated Security Operations Centre (SOC) to support the defence of a major UK CNI organisation. The networks protected are predominantly hosted in Azure cloud platforms, with many systems within these environments that must be protected. The customer is committed to developing this improved SOC to be a benchmark of best practice and excellence, reflecting the significant threat that the protected systems face.
The SOC will be staffed by a blend of customer and BAE Systems staff, based in multiple locations, with day‑to‑day operations both remotely and on the customer’s premises. These roles require a minimum of SC clearance; sponsorship for new clearances is not possible, so candidates must have existing clearances.
As SOC Engineering Lead, you will plan and manage development, testing and implementation activities for day‑to‑day operations—delivering new or updated rules and analytics for the Azure SIEM and SOAR platforms—and produce playbooks leading the Analytics and Rules (A&R) Teams. You will also prioritise and coordinate activities across various projects and releases, and drive long‑term improvement upgrades and activities.
The engineering team you will manage works with Protective Monitoring, Threat Intelligence and wider SOC operations to scope and define requirements for tuning existing security use cases and creating new detection content. You will plan each release and oversee design, development, testing and implementation.
Responsibilities
- Grow and evolve the customer SOC capability by documenting platforms, feeding back lessons learned and working with the wider team to establish best practices and repeatable engineering processes.
- Work with technical project managers, engineers, solution architects and end‑customer senior stakeholders; flexibility in designs and delivery methodologies is essential for timely, safety‑compliant delivery.
- Oversee deployment/implementation activities, ensuring entry criteria are met, all planned activities are completed and rollback plans are initiated where required.
- Develop, test and deploy updated and new content across the monitored estate in liaison with Operations teams.
- Take playbooks from wider SOC teams, develop technical aspects, seek approval and deploy—directly or as a mentor to the team.
- Accountable for maintenance of existing detection content to keep it current and relevant.
- Assess effectiveness of new/updated rules and analytics to inform future development.
- Review and approve all required documentation for releases or changes, including design, deployment, configuration and administration guides.
- Oversee and remain responsible for maintenance of underlying Azure and off‑Azure infrastructure related to the SOC.
- Obtain authorisation for implementing releases and changes through the Change Management process for ICT and SOC component changes.
Requirements – Technical
- Strong knowledge of Azure security functions and detection tools for large cloud estates; produce content and playbooks on Sentinel to detect security breaches.
- Knowledge of SIEM/SOAR tools (Sentinel at a minimum) and other appropriate tooling such as SOAR, Threat Intelligence, traffic analysis tools to identify intrusion signs.
- Deep knowledge and experience of operational ICT service delivery management.
- Experience working with a range of security tooling/technology.
- Strong understanding of security architecture, especially networking.
- Detailed understanding of threat intelligence and threat actors, TTPs and operationalising threat intelligence.
- Understand TCP/IP component layers to identify normal and abnormal traffic.
- Experience undertaking SOC Analyst activities would be beneficial.
- Experience developing wider SIEM/SOAR content highly desirable.
Requirements – Non‑Technical
- Client‑side consulting, including stakeholder engagement and ability to communicate insights and concepts, briefing skills and report writing.
- Team leadership.
- Coaching mindset – help and mentor team.
- Security process development.
- Abili…