hackajob is partnering with Leonardo to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
Job Description:
Your impact
At Leonardo, we have a fantastic new opportunity for a Security Operations Capability Manager to join the ARCHANGEL™ SOC to lead the capability development teams.
ARCHANGEL™ delivers specialist technical cyber security services to a range of clients across a variety of industries including government, defence, homeland security, CNI and aerospace. The ARCHANGEL™ Detect Team sits within the Bristol Service Operations Centre and is responsible for providing detection creation and maintenance, threat intelligence, threat hunt capabilities as well as the overall management of the tool stack.
Beyond ARCHANGEL™, Leonardo and its Cyber Security division are a world leader in safety-through-technology, providing tailored solutions for customers in public administration, public safety and security, critical infrastructure, services, transport, post and logistics.
You will be joining our highly skilled team at our Bristol site. This is a great opportunity to bring your talents and form an integral part of Leonardo's future. We can help you develop your skills and offer great opportunities to develop and grow, so why not join us!
What you will do as a Security Operations Capability Manager
Lead and develop a diverse team of cyber security professionals across incident response, threat detection, and threat intelligence, fostering a high-performance culture capable of adapting quickly to the evolving threat landscape.
Drive innovation and continuous improvement across specialist teams, ensuring the organisation remains at the forefront of modern cybersecurity practices while aligning security initiatives with wider organisational objectives.
Oversee the onboarding of new customers, systems, and devices into SOC services, ensuring SOC operational requirements are embedded throughout project and service lifecycles.
Manage the development, deployment, and optimisation of incident response tooling, detection capabilities, and supporting security platforms to strengthen organisational threat detection and response maturity.
Ensure appropriate cyber security representation across internal projects within the Security Operations Centre and across the wider business.
Define, implement, and continuously refine SOC processes, procedures, and operational playbooks to maintain operational excellence, ensuring scalability and adaptability to future security challenges.
Build and maintain strong relationships with key departments across the organisation, promoting cross-functional collaboration to solve complex security challenges and deliver integrated solutions.
Lead performance management activities including annual appraisals, career development planning, and mentoring for analysts. Support recruitment activities and design structured training programmes to develop and retain high-performing security professionals.
Own and actively contribute to the organisation’s risk register, implementing structured approaches to risk identification, assessment, and mitigation to reduce exposure to cyber threats.
What you'll bring
We are looking for a motivated, self-managed individual who is willing to help design and adapt a constantly evolving service; someone who can demonstrate above-average analytical skills and liaise professionally with peers and customers, even under pressure.
Proven experience in a specialised cyber security role, with significant exposure to security operations, incident response, or threat detection.
Demonstrated experience managing and optimising SIEM platforms, such as Splunk or Microsoft Sentinel.
Strong working knowledge of the Microsoft Defender security ecosystem, including technologies such as Defender for Endpoint, Defender for Identity, Defender for Office 365, and Defender for Cloud, with an understanding of how these integrate within a modern SOC.
Experience operating within cloud environments, particularly Microsoft Azure, with a solid understanding of cloud architecture and security best practices.
Exceptional leadership and people management skills, with a proven ability to build, motivate, and retain high-performing cyber security teams.
Strong stakeholder management capabilities, with experience engaging and influencing both technical and non-technical stakeholders across multiple levels of the organisation.
Deep understanding of the MITRE ATT&CK framework and the Cyber Kill Chain, and their practical application in detection engineering and threat analysis.
Demonstrated commitment to continuous professional development and staying informed on emerging threats, technologies, and industry best practices.
Desirable
Hands-on experience with Microsoft Sentinel, including building detections, automations, playbooks, and integrations within a SOC environment.
Industry certifications such as SANS GIAC (GMON, GCFA, GPEN, GNFA) or equivalent.
Experience leading cyber security teams or mentoring junior analysts.
Proven experience delivering or managing technical security projects within complex environments.
This is not an exhaustive list, and we are keen to hear from you even if you might not have experience in all the above. The most important skill is a good attitude and willingness to learn.
Security Clearance
This role is subject to pre-employment screening in line with the UK Government’s Baseline Personnel Security Standard (BPSS). You must also be eligible for National Security Vetting (NSV), which may include Security Check (SC) or Developed Vetting (DV).
For more information, please visit: UK Security Vetting
Why join us
At Leonardo, our people are at the heart of everything we do. We offer a comprehensive, company-funded benefits package that supports your wellbeing, career development, and work–life balance.
For a full list of our company benefits please visit our website.
Leonardo is a global leader in Aerospace, Defence, and Security. Headquartered in Italy, we employ over 53,000 people worldwide including 8,500 across 9 sites in the UK. Our employees are not just part of a team—they are key contributors to shaping innovation, advancing technology, and enhancing global safety.
At Leonardo we are committed to building an inclusive, accessible, and welcoming workplace. We believe that a diverse workforce sparks creativity, drives innovation, and leads to better outcomes for our people and our customers. If you have any accessibility requirements to support you during the recruitment process, just let us know.
Be part of something bigger - apply now!
Primary Location: GB - Bristol - Coldharbour Lane
Contract Type: Permanent
Hybrid Working: Hybrid