Job Titles

SIEM Team Lead

NCC Group Stand: C29

Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.


We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.


We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference, and we want you to join in our mission as a SIEM Team Lead.


Take a look at our website here to learn more about why we are one of the leading global Cyber Security and Risk Mitigation business…


The Opportunity

We are specialists in SIEM integration and content creation, with our services backed up by our own mature methodology for onboarding, developing and designing Use Cases for many of the UK’s largest companies.


This has been tried and tested across dozens of major deployments and hundreds of Use Cases, and is uniquely tailored to each client whilst providing the methodology to ensure that Use Cases and development are to done to a very high standard.


We operate as a single point of contact for all Managed Service Security Requirements and work directly with clients to build, develop and design solutions for individual security requirements.


The Challenge

A successful candidate will be responsible for our applications and analytics team who work with a number of SIEM solutions within our Leeds based SOC. They will be an initial escalation point for their team and will operate at a senior level within the team to ensure that the team work within customer service level agreements (SLAs).

  • Provide leadership for our applications and analytics team with responsibility for the output of the team
  • Provide SIEM expertise and support for NCC Group’s Managed Service customer base
  • Providing guidance and support to SOC personnel in regards to SIEM operations, concepts and development
  • Creating and managing SIEM Security content
  • Onboard and manage SIEM event sources and transition through to live SOC Managed Services
  • Assisting in the development of new SOC infrastructure to assist in SIEM and surrounding SOC requirements
  • Assisting in security investigations with the SOC Analyst Team
  • Collaborating with other teams to help develop and drive improvement/progression


A successful candidate would be able to provide security advice to customers to help them develop their security awareness and infrastructure. Working for a Security Partner requires a surrounding knowledge and experience of security awareness, incidents, response and management


Essential Skills

Having competency in the below skills is required and the ability to perform these at a higher level is desirable:

  • Windows and Linux operating systems (configuring, maintaining, troubleshooting)
  • Experience in a technical customer service/technical support environment that adheres to service level agreements (SLAs)
  • Security Investigation (this could be a from a wide pool of skills, such as investigating security alerts, incident response, security audits, configuration reviews, industry best practices, etc.)
  • Development/scripting skills (such as PowerShell, Python, Bash and any associated skills, such as Regex)
  • SIEM use case and filter creation/management
  • Splunk


Any experience and expertise in the following would also be beneficial:

  • LogRhythm
  • Carbon Black
  • Microsoft security tools (Sentinel, Defender, etc)
  • Experience in a leadership role



The following certifications are desirable, but not a requirement. A level of knowledge/experience within the below practices is   also desirable. Successful candidates that do not possess these certifications may be tasked with working towards them at the beginning of their employment:

  • Splunk Certified Administrator
  • Splunk Certified Power User
  • LogRhythm Certified Support Engineer
  • LogRhythm Certified Deployment Engineer
  • CompTIA Certifications (Security+/ Network+/ Linux+)
  • Crest, GIAC or CISSP Certification
  • Degree in related field.
  • Other relevant certifications.


Other information

  • This role is based at the NCC Group office in Leeds, United Kingdom, optional remote working can be negotiated.
  • This role will involve an out-of-hour’s element (post training).


Please do not hesitate to apply.


About NCC Group

The NCC Group family has over 1,800 members located all around the world, providing a trusted advisory service to 15,000 customers. Born in the UK, we have now have offices in North America, Canada, Europe, Asia- Pacific and United Arab Emirates.


We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. We fuel that passion with investment in our people and our business.


Our values and code of ethics are at the heart of how we operate – we work together, we are brilliantly creative and we embrace difference. We treat everyone and everything with equal respect.

We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, sharing their personal experiences to represent the diversity of the world they live in, and have equal opportunity to achieve their best.

View all Job Titles