Aptean India

Manager, Information Security


Job Description

Overview

Job Description: Technical Manager - Security Operations Center (SOC)

Role Overview

The Technical Manager - Security Operations Center (SOC) owns and advances the organisation's detection, monitoring, and response capability across cloud, SaaS, endpoints, identities, and networks.

This is a hands-on technical leadership role focused on building, engineering, and improving security operations capability. The role is accountable for ensuring threats can be detected early, investigated effectively, and contained quickly using measurable and repeatable processes.

You will define technical direction, validate detection coverage, improve monitoring architecture, and continuously strengthen operational resilience through engineering, automation, and evidence-based improvement.

This role directly supports the reliability, security, and trustworthiness of services delivered by Aptean.

Key Responsibilities

Detection Engineering and Monitoring

  • Own the full detection lifecycle: log onboarding, rule creation, tuning, testing, deployment, and maintenance.
  • Develop high-fidelity detection use cases aligned to modern attacker techniques across cloud, SaaS, identity, endpoints, and networks.
  • Ensure comprehensive monitoring coverage across:
      • Cloud control planes and infrastructure
      • Identity and authentication systems
      • Application and platform logs
      • Endpoint telemetry
      • Network activity
      • CI/CD pipelines
  • Continuously assess monitoring gaps using threat intelligence, incident learnings, and architectural changes.

SIEM and Security Telemetry Architecture

  • Act as technical owner of SIEM and security telemetry platforms.
  • Design scalable ingestion, parsing, enrichment, and correlation pipelines.
  • Define standards for log quality, normalisation, enrichment, and retention.
  • Optimise telemetry performance, reliability, and cost efficiency.
  • Lead SIEM migration, expansion, or consolidation initiatives when required.
  • Ensure telemetry supports real-time detection and forensic investigations.

Threat Hunting and Advanced Analysis

  • Conduct structured, hypothesis-driven threat hunting across multiple data sources.
  • Validate detections through adversary simulation and controlled testing.
  • Translate findings into improved detections, automation, and monitoring enhancements.
  • Support complex investigations involving identity compromise, cloud misuse, insider activity, or advanced threats.

Incident Response Enablement

  • Serve as senior technical escalation point during security incidents.
  • Perform deep technical analysis and root cause determination.
  • Ensure response procedures are documented, tested, and operationally effective.
  • Work with engineering and infrastructure teams to implement containment and remediation.
  • Feed incident learnings into detection logic, telemetry strategy, and preventive controls.

Automation and Response Engineering

  • Implement automation for repeatable detection and response tasks.
  • Design and maintain SOAR playbooks with defined logic, validation, and failure handling.
  • Improve investigation speed, consistency, and response accuracy through automation.
  • Integrate security tooling through APIs and event-driven workflows.

Governance, Metrics, and Continuous Improvement

  • Define and monitor operational SOC metrics including:
      • Detection coverage
      • Time to detect and respond
      • False positive rates
      • Signal quality
  • Provide operational evidence for security assurance and regulatory requirements.
  • Align SOC processes with recognised industry security frameworks.
  • Drive measurable maturity improvements in monitoring and response capability.

Required Experience And Skills

Security Operations and Detection

  • 8+ years of hands-on experience in security operations, detection engineering, or incident response.
  • Deep experience operating and tuning enterprise SIEM platforms.
  • Strong expertise in log analysis across diverse data sources.
  • Advanced understanding of attacker behaviour and intrusion techniques.

Security Monitoring and Infrastructure

  • Experience monitoring cloud environments (AWS, Azure, or GCP).
  • Hands-on experience with EDR, NDR, IDS/IPS, identity telemetry, and firewall data.
  • Experience designing or improving security monitoring architecture.

Engineering and Automation

  • Scripting capability in Python, PowerShell, or Bash.
  • Experience working with APIs and security tool integrations.
  • Understanding of CI/CD pipelines and modern application environments.

Technical Leadership

  • Ability to evaluate controls critically and improve them using evidence.
  • Strong communication of technical risk to engineers, leadership, and auditors.
  • Focus on building resilient systems and scalable security capability.

Preferred Qualifications

  • CISSP, CCSP, GIAC, or equivalent certifications.
  • Experience in SaaS or product-led engineering environments.
  • Exposure to large-scale or multi-tenant logging architectures.

Job ID: 144475047