SOC Technical Team Lead - Registers of Scotland - SEO

Location

Relaxed Hybrid and Flexible Working Environment

About the job

Job summary

Registers of Scotland (RoS) 

Join an award-winning organisation recognised for its technology and innovation. RoS is a world-leading pioneer in land and property registration. We work to create data-led, digital solutions for the people of Scotland. Our full-stack teams design, architect, and build all our registration products in-house.  

The Role 

We are seeking a technically skilled and people-focused SOC Technical Team Lead to join our Cyber Security team at Registers of Scotland. This role provides both technical leadership and line management for the Security Operations Centre (SOC) team, ensuring the delivery of high-quality threat detection, incident response, and vulnerability management services. 

We’re looking for candidates with at least three years experience in a Security Operations Centre or similar environment, to ensure they bring the hands-on expertise and operational insight needed to lead effective incident response and support a high-performing security team.  

As SOC Technical Team Lead, you’ll lead a team of analysts and work closely with cyber engineers to develop and automate threat detection and response playbooks. A key part of the role is ensuring SOC processes are fully integrated with existing ITSM workflows and that service levels are monitored and reported through agreed SLA/OLA metrics and outcome-driven key performance indicators.  

Please note we have partnered with an agency for this position and will be accepting applications via their website.

Job description

On a typical day you will… 

• Provide line management, coaching, and development to SOC analysts and engineers.  
• Lead the configuration, tuning, and maintenance of core SOC capabilities including log aggregation, alerting, correlation, threat detection, and response tooling.  
• Collaborate with cyber engineers to develop and automate detection logic and incident response playbooks.  
• Work with our Technical Product Manager and Security Architect to ensure SOC capabilities align with enterprise security architecture and strategy.  
• Develop and maintain scenario-based runbooks and technical procedures for incident response.  
• Engage with project teams to provide security assurance for new and existing services.  
• Drive continuous improvement in SOC operations, tooling, and team capability.  
• Monitor and report on SOC performance, including:  
•   - SLA/OLA adherence and incident handling timelines  
    - Volume and severity of security incidents  
    - Average time to detect (MTTD) and respond (MTTR) to threats  
    - Accuracy and relevance of alerts (e.g. reducing false alarms)  
    - Coverage of threat detection across systems and services  
    - Outcome-focused metrics such as reduced dwell time, successful containment rates, and measurable improvements in security posture  

Person specification

• Proven experience in a Security Operations Centre or operational security environment.
• Demonstrable experience managing or leading a technical team or function in an enterprise setting. 
• Strong background in operating and maintaining SOC capabilities such as log management, alerting, threat detection, and incident response tooling. 
• Experience in incident response, including leading technical investigations and developing response frameworks. 
• Proficiency in integrating and operationalising cyber threat intelligence. 
• Experience working with ITSM systems to manage and prioritise workloads. 
• Experience reporting on SOC metrics including SLA/OLA performance, MTTD/MTTR, alert accuracy, and outcome-based security improvements. 
• Excellent interpersonal and communication skills, with the ability to work effectively across technical and non-technical teams. 
• Experience developing or implementing vulnerability management tools and processes.
• Familiarity with cloud security monitoring and hybrid infrastructure environments.
• Knowledge of relevant security frameworks such as NIST CRF, ISO 27001, NCSC CAF, and MITRE ATT&CK.
• Experience contributing to or leading SOC maturity assessments or improvement programmes.