
Security Operations and Incident Response Manager
Allwyn UK
full-time
Location Type: Hybrid
Location: Watford • United Kingdom
About the role
- Lead day‑to‑day Security Operations to ensure effective monitoring, triage, and response across a cloud‑first, highly‑integrated security environment.
- Lead a team of 10 SOC analysts and oversee performance, including rota management, workload balancing, skills development, and ongoing coaching of analysts.
- Help the Senior Cyber Defence Manager drive continuous improvement of detection and response capabilities through feedback on engineering tuning effectiveness, automation, and optimisation of SIEM, SOAR, EDR and other cloud‑native security platforms.
- Oversee the end‑to‑end lifecycle of SOC playbooks, operating procedures, and escalation paths, ensuring they stay current with evolving threats and technologies.
- Willingness to work shifts as needed to maintain adequate team coverage and operational staffing levels.
- Ensure high‑quality post‑incident reviews are completed, lessons‑learned are captured, and improvements are fed back into tooling, processes, and training.
- Partner with the Senior Cyber Defence Manager and specialist third‑party providers to continually strengthen threat detection, response processes, and overall SOC maturity.
- Provide operational evidence, insights, and support to Governance, Risk & Assurance teams while maintaining clear separation of duties.
- Collaborate closely with the Major Incident Manager and TechOps teams to ensure coordinated response, timely escalation, and effective resolution of security incidents.
- Demonstrate a strong understanding of business and customer impact to support effective prioritisation, communication and incident response decision-making.
Requirements
- Battle‑hardened Security Operations leader (SOC Manager), with proven experience running high‑tempo monitoring and incident response in complex environments and the judgement to make calm, decisive calls under pressure
- Experienced working shoulder‑to‑shoulder with technology incident response teams, staying relentlessly customer‑centric in decisions, comms and recovery.
- Demonstrated ability / potential to lead, coach and develop people — this may come from formal line management, technical leadership, mentoring, or leading multidisciplinary teams.
- Experience coordinating operational activity such as incident response, service management, or technology change, with the ability to stay calm, structured and decisive under pressure.
- Familiarity with modern security tooling (SIEM, SOAR, EDR, cloud‑native monitoring, Azure Sentinel, and Elastic) with the ability and appetite to deepen expertise through on‑the‑job learning and partnership with Cyber Defence.
- Strong problem‑solving and analytical capability, able to understand complex incidents, identify patterns, and support the continuous improvement of detection and response processes.
- Clear, confident communication skills, capable of translating technical issues into operational actions and engaging effectively with engineers, analysts, third parties and senior stakeholders.
- Good organisational awareness, ideally including experience navigating Allwyn’s technology, ways of working, suppliers, or operational processes — or evidence of quickly adapting to similar environments.
- Ability to manage operational workload, including rota planning, prioritisation, and resource balancing to maintain consistent 24/7 coverage.
- Comfort working in cloud‑first, fast‑changing environments, with the ability to absorb new technologies, new threats, and new tooling quickly.
- Hands‑on experience with cloud security operations (Azure, AWS, GCP) – Desirable (but not essential).
- Exposure to detection engineering, incident response, threat intelligence, or vulnerability management – Desirable (but not essential).
- Certifications such as CISSP, GCIH, GCIA, GMON, AZ‑500 — viewed as beneficial, not mandatory.
- Experience working with or leading third‑party security partners – Desirable (but not essential).
Benefits
- Company Bonus Scheme
- Matched pension contributions up to 8.5%
- 26 days annual leave + 2 Life Days (and bank holidays)
- Single Private Health Cover
- Complimentary Private Medical
- Income Protection
- Flexible Benefits – EV Scheme, Money Coach, Will Writing, Mortgage Advice, Dental and Eye Care Schemes.
- Enhanced Family Leave (Maternity, Paternity, Adoption)
- Wellness Allowance £500
- Employee Assistance Programme
- Discounted Health Assessments
- Volunteering Day
- Matched Funding
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Security Operations, Incident Response, Monitoring, Triage, Detection Engineering, Threat Intelligence, Vulnerability Management, Cloud Security Operations, Operational Activity Coordination, Problem-Solving
Soft Skills
Leadership, Coaching, Communication, Organizational Awareness, Decision-Making, Calm Under Pressure, Customer-Centric, Analytical Capability, Workload Management, Adaptability
Certifications
CISSP, GCIH, GCIA, GMON, AZ-500