SOC Technical Team Lead

Job summary

Registers of Scotland (RoS)

Join an award-winning organisation recognised for its technology and innovation. RoS is a world-leading pioneer in land and property registration. We work to create data-led, digital solutions for the people of Scotland. Our full-stack teams design, architect, and build all our registration products in-house.

The Role

We are seeking a technically skilled and people-focused SOC Technical Team Lead to join our Cyber Security team at Registers of Scotland. This role provides both technical leadership and line management for the Security Operations Centre (SOC) team, ensuring the delivery of high-quality threat detection, incident response, and vulnerability management services.

We’re looking for candidates with at least three years experience in a Security Operations Centre or similar environment, to ensure they bring the hands-on expertise and operational insight needed to lead effective incident response and support a high-performing security team.

As SOC Technical Team Lead, you’ll lead a team of analysts and work closely with cyber engineers to develop and automate threat detection and response playbooks. A key part of the role is ensuring SOC processes are fully integrated with existing ITSM workflows and that service levels are monitored and reported through agreed SLA/OLA metrics and outcome-driven key performance indicators.

Please note we have partnered with an agency for this position and will be accepting applications via their website.

Job description

On a typical day you will…

• Provide line management, coaching, and development to SOC analysts and engineers.

• Lead the configuration, tuning, and maintenance of core SOC capabilities including log aggregation, alerting, correlation, threat detection, and response tooling.

• Collaborate with cyber engineers to develop and automate detection logic and incident response playbooks.

• Work with our Technical Product Manager and Security Architect to ensure SOC capabilities align with enterprise security architecture and strategy.

• Develop and maintain scenario-based runbooks and technical procedures for incident response.

• Engage with project teams to provide security assurance for new and existing services.

• Drive continuous improvement in SOC operations, tooling, and team capability.

• Monitor and report on SOC performance, including:

• - SLA/OLA adherence and incident handling timelines
  - Volume and severity of security incidents
  - Average time to detect (MTTD) and respond (MTTR) to threats
  - Accuracy and relevance of alerts (e.g. reducing false alarms)
  - Coverage of threat detection across systems and services
  - Outcome-focused metrics such as reduced dwell time, successful containment rates, and measurable improvements in security posture

Person specification

• Proven experience in a Security Operations Centre or operational security environment.

• Demonstrable experience managing or leading a technical team or function in an enterprise setting.

• Strong background in operating and maintaining SOC capabilities such as log management, alerting, threat detection, and incident response tooling.

• Experience in incident response, including leading technical investigations and developing response frameworks.

• Proficiency in integrating and operationalising cyber threat intelligence.

• Experience working with ITSM systems to manage and prioritise workloads.

• Experience reporting on SOC metrics including SLA/OLA performance, MTTD/MTTR, alert accuracy, and outcome-based security improvements.

• Excellent interpersonal and communication skills, with the ability to work effectively across technical and non-technical teams.
• Experience developing or implementing vulnerability management tools and processes.
• Familiarity with cloud security monitoring and hybrid infrastructure environments.
• Knowledge of relevant security frameworks such as NIST CRF, ISO 27001, NCSC CAF, and MITRE ATT&CK.
• Experience contributing to or leading SOC maturity assessments or improvement programmes.
  
  

Benefits

Alongside your salary of £52,252, Registers of Scotland contributes £15,137 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• This job is for you if you want…

  • Work with purpose: working for the people of Scotland to set the bar for land and property registration worldwide.
  • Flexible and hybrid working: depending on the role and team requirements, work when and where it’s best for you and your stakeholders.
  • Benefits: enjoy pay progression, pension contributions of up to 28.97%, up to a year’s parental leave, and 38 days annual holiday, increasing to 42 days with length of service.
  • Investment in professional development: we invest in all our people so that they have the right skills to be productive and confident in their job.
  • Diversity and Inclusion: We are an ‘Investor in People’ and a ‘Disability Confident’ employer. We are inclusive, stronger together, and committed to putting our people first.
  • Positive work culture: RoS is an agile, digital organisation using leading-edge technology. Colleagues understand their role in achieving our strategy and have the autonomy to deliver.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

• Key Responsibilities

  Essential Criteria – Skills and Attributes for Success

  Experience/Technical:

  We will assess you against the following Experience and Technical skills during the application and assessment process:

  • Proven experience in a Security Operations Centre or operational security environment.
  • Demonstrable experience managing or leading a technical team or function in an enterprise setting.
  • Strong background in operating and maintaining SOC capabilities such as log management, alerting, threat detection, and incident response tooling.
  • Experience in incident response, including leading technical investigations and developing response frameworks.
  • Proficiency in integrating and operationalising cyber threat intelligence.
  • Experience working with ITSM systems to manage and prioritise workloads.
  • Experience reporting on SOC metrics including SLA/OLA performance, MTTD/MTTR, alert accuracy, and outcome-based security improvements.
  • Excellent interpersonal and communication skills, with the ability to work effectively across technical and non-technical teams.
  • Experience developing or implementing vulnerability management tools and processes.
  • Familiarity with cloud security monitoring and hybrid infrastructure environments.
  • Knowledge of relevant security frameworks such as NIST CRF, ISO 27001, NCSC CAF, and MITRE ATT&CK.
  • Experience contributing to or leading SOC maturity assessments or improvement programmes.

  Behaviours

  You will be scored against all listed Behaviours at assessment:

  • Making Effective Decisions
  • Communicating and Influencing/ Developing Self and Other (Cluster)
  • Managing a Quality Service

  Stage one - Application Process To apply, click on 'Apply now' and complete the online application form.

  You will need to submit:

  1. A CV outlining your career history and how you meet the technical/experience criteria (max 4 pages).
  1. Responses explaining how you meet the required experience aspects of the role (maximum 300 words per answer in the spaces provided).
  1. After the deadline for applications, all applicants will be sent a short on-line test via the platform Hackerrank, which will assess your technical proficiency.

  Please note:

  • If we receive a high volume of applications, we may complete an initial sift on technical/ experience criteria
  • We reserve the right to invite candidates to participate in a telephone interview prior to being further assessed.
  • Applications that are not accompanied by CVs or responses exceeding 300 words per experience will not be considered.
  • Applicants who do not complete the online assessment will not be considered.
  • We would strongly recommend that your statement is written in the STAR format (Situation, Task, Action & Result) and preparing your answers using software such as MS Word or Google Docs, and then uploading the file.
  • We strongly advise you review our policy on responsible use of AI in the application process. RoS may check answers with an AI detection tool and will contact you for a pre-screening call to verify your responses.
  • Applications and appointments are subject to a strict merit-based assessment process, in line with the Civil Service Recruitment Principles.

  Stage two – assessment

  If successful at application stage, you will be invited to an in-person interview which will include the following:

  • Behaviour based interview
  • Technical whiteboarding exercise

  Information on Success Profiles

  For further information on success profiles, visit our Success Profiles.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name : talent@ros.gov.uk
• Email : talent@ros.gov.uk
• Telephone : talent@ros.gov.uk

Recruitment team

• Email : talent@ros.gov.uk