Security Manager - SOC

Welwyn Garden City, UK
Information Security Leader SOC Manager
Actively hiring

Tesco Technology

hackajob is partnering with Tesco Technology to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.

 

Job Summary:
Our Security Operations Centre (SOC) is at the heart of monitoring and investigating cybersecurity incidents for the Tesco Group. They operate closely with other cybersecurity teams, including Digital Forensics and Incident Response, Threat Intelligence, Automation and Detection Engineering, to protect, detect, and respond to security threats across Tesco’s complex estate.

Beyond investigating security incidents, the SOC team maximises their expertise by collaborating with other teams, driving innovation, and improving overall security capabilities.

The Security Operations Centre Manager will lead a skilled team, deliver high-quality service, and collaborate with cybersecurity professionals. This role involves coordinating initiatives that integrate efforts across security teams and the wider Tesco Technology organization. The Manager will emphasize team development and SOC capability maturity.

Drawing on extensive security operations experience and strong critical thinking skills, the SOC Manager will support incident analysis and maintain a clear view of the operational and threat landscape, ensuring a coordinated and effective response to emerging incidents.


In this job, I am accountable for:

  • Following our Business Code of Conduct and always acting with integrity and due diligence.

  • Leading an effective and efficient SOC service that delivers timely detection, analysis, and response to security alerts and incidents.

  • Ensuring continuous improvement and alignment of new initiatives with the broader security strategy, keeping it central to all planning and execution, while also reporting on its implementation.

  • Staying ahead of the cyber threat landscape, specifically within Tesco verticals (e.g., retail, transport, fuel, pharmacy).

  • Leading the team through complex operational landscapes and security incidents, ensuring accurate interrogation, analysis, and presentation of threat-related data and decisive actions.

  • Developing team members’ leadership skills and technical capabilities.

  • Encouraging industry-leading investigative analysis through comprehensive response playbooks, formulating detection use cases and automations, and researching service-enhancing tools.

  • Encouraging and implementing innovative practices in threat monitoring and response, fostering continuous improvement and adaptation to emerging threats.

  • Using threat intelligence to focus investigation and detection efforts, adhering to the threat hunting strategy and processes.

  • Developing, implementing, and maintaining policies, standards, and procedures for security operations investigations and incidents, ensuring alignment with legal and regulatory requirements.

  • Conducting SOC service reviews, including evaluating capacity, assessing quality, conducting purple and red team exercises, and performing internal evaluations.

  • Collaborating closely with teams across cybersecurity, technology, and beyond.

  • Leading service improvements through projects and initiatives, ensuring clear communication of plans, implementation, and progress updates.

  • Monitoring and assessing managed security service provider performance, ensuring alignment to contracted service and operational level agreements.

  • Maintaining high-quality standards through regular audits, evaluations, and continuous improvement efforts.


Operational skills relevant for this job:

  • SOC Service Management: Operating a SOC within a large enterprise.

  • Defining and measuring key performance indicators (e.g., MTTD, MTTR) to evaluate SOC performance and meet objectives and SLAs.

  • SOC Process Optimisation: Continuously improving SOC workflows, alert triage, and incident resolution.

  • Automation and Orchestration: Using automation tools to improve manual tasks, reduce response times, and improve detection.

  • Service Level Agreement (SLA) Management: Ensuring alignment to SLAs with internal teams and external service providers.

  • Collaboration Across Teams: Working across cybersecurity and IT teams to drive integrated security solutions.

  • Security Tool Management: Managing and optimising SOC technologies like SIEM, EDR, and SOAR for effective threat detection.

  • Training and Development: Implementing training programs to enhance SOC analysts' technical skills and incident response.

  • Vendor Management: Managing third-party vendors and MSSPs to ensure they meet performance expectations.


Experience relevant for this job:

  • Demonstrable experience (4+ years) in successfully leading a high-performance team, including security analysts at all levels.

  • Proficient in security operations, including technical analysis, investigations, and handling security incidents in large-scale, fast-paced corporate environments both on-premise and in the cloud.

  • A strong, up-to-date understanding of the security threats facing large enterprises and the challenges these present to the SOC.

  • Experience with technical analysis of enterprise systems including operating systems, networks, cloud, and complex architectures.

  • Experience with a broad range of enterprise security technologies including EDR, SIEM, and SOAR.

  • Familiarity with at least one scripting language such as Python, PowerShell, etc.

  • Awareness of how AI can be applied in both offensive and defensive team operations, including its potential for threat detection and incident response to enhance security posture.

  • Excellent written and verbal communication skills.

  • Ability to think critically and lead technical investigations.

  • Ability to handle high-stress situations with composure, efficiency, and integrity.

  • Completion of relevant training courses such as SANS LDR551, SEC504, FOR508, ITIL Framework; certifications (or equivalents) are desirable but not required.
