Lead - Security Operations
About Ekco
🚀 Founded in 2016 Ekco is now one of the fastest growing cloud solution providers in Europe!
We specialise in enabling companies to progress along the path of cloud maturity, managing transformation and driving better outcomes from our customers’ existing technology investments.
☁️ In a few words, we take businesses to the cloud and back!
🌍 We have over 950 highly talented and supportive colleagues (and counting) across a number of regional offices in the UK, Benelux & Ireland.
The Role
We are seeking an experienced Security Operations Lead to manage a team of SOC analysts and ensure the effective delivery of day-to-day SOC operations. This role is accountable for workload distribution, queue management, performance monitoring, and ensuring service delivery standards are consistently met. You will act as the primary escalation point for client inquiries and high-priority issues, while also owning quality assurance and contributing to service reporting and reviews.
The ideal candidate will be a people-focused leader with strong organisational and analytical skills and a deep understanding of SOC operations. You will balance operational oversight with developing your team, driving continuous improvement, and confidently representing the SOC in both internal and client-facing contexts.
Key responsibilities and day-to-day:
Operational Leadership:
- Own and oversee the SOC alert queue, ticket queue, and shared mailbox.
- Prioritise and assign workload across analysts based on skill, experience, and availability.
- Actively support triage and first-line analysis when needed to maintain service performance.
- Monitor SLA/OLA adherence across alerts and case management, ensuring consistency and quality.
- Ensure queue hygiene and quality handovers, particularly across shifts.
- Act as the escalation point for client inquiries, complaints, or high-priority tickets.
- Lead service reporting for your team and represent SOC operations in client or internal service reviews.
- Support onboarding of new clients, including analyst allocation, tuning of use cases, and process familiarisation.
- Own SOC SOPs and playbooks within your team, ensuring they remain practical, relevant, and aligned to delivery realities.
- Own the QA process within your respective team, driving consistency in alert handling and investigation quality.
People Leadership:
- Line manage a team of 8 SOC analysts, including performance reviews, personal development planning, and career progression.
- Conduct regular 1:1s to provide feedback, support, and technical/operational guidance.
- Primary approver for leave requests and absence management.
- Build and maintain shift rotas, ensuring continuous coverage.
- Support onboarding and continuous development of new analysts.
- Identify underperformance early and implement improvement plans where required.
- Provide day-to-day mentoring and coaching, acting as both a technical and operational escalation point.
- Escalate resourcing or HR concerns to SOC leadership as appropriate.
Capability & Continuous Improvement:
- Contribute to the development, testing, and refinement of SOC processes and playbooks.
- Identify areas to improve operational efficiency across workflows and tooling.
- Feed lessons learned from QA, incidents, and client escalations back into process and detection improvements.
What you'll bring to the role
- Proven experience working within an MSSP.
- Strong expertise in SOC technologies (SIEM, EDR, SOAR, etc.).
- In-depth expertise in the analysis of logs, artefacts, security events, IOCs, and tactics, techniques and procedures (TTPs).
- Proven ability to mentor and develop SOC analysts and act as a technical escalation point.
- Confidence representing SOC technical expertise in client-facing discussions and incident reviews.
- Strong analytical mindset with the ability to identify and drive strategic improvements across SOC operations.
- Deep understanding of the cyber kill chain, cybersecurity frameworks (e.g., MITRE ATT&CK, NIST, CIS) and threat landscapes.
- Proven ability to handle high-pressure situations, make critical decisions, and manage complex incidents.
- Excellent communication and interpersonal skills, both verbal and written, to manage stakeholder and client relationships effectively.
- Strong organisational and administrative skills, with attention to detail.
- Good problem-solving abilities with a proactive focus on finding innovative and practical solutions.
- Ability to work collaboratively in a fast-paced environment.
- Experience collaborating with cross-functional teams (Threat Intelligence, Detection Engineering, Incident Response) to strengthen detection and response capabilities.
Benefits/Perks
- ☀️ Time off - 25 days leave + public holidays
- 🎂 x1 day Birthday leave per year
- 💰 Company Pension Scheme (employer contribution 5%) + flexible salary sacrifice
- 📞 Employee Assistance Programme (EAP) - access to dedicated mental health, emotional wellbeing and general advice
- 🏃♀️ EkcOlympics - a global activity for fun!
- 📚 Learning & development - Unlimited access to Pluralsight learning platform
- 🌱 A lot of responsibilities & opportunities to grow (also internationally)
Why Ekco
- ⭐️ Microsoft’s 2023 Rising Star Security Partner of the year
- 🚀 VMware & Veeam top partner status
- 🏅 Ranked as 4th fastest growing technology company in the Deloitte Fast50 Awards
- 🌈Ekco are committed to cultivating an environment that promotes diversity, equality, inclusion and belonging
- 🎉 We recognise the value of internal mobility and encourage opportunities for internal development & progression
- ✨ Flexible working with a family-friendly focus is at the core of our company values
Department: Security Operations Centre
Location: Ekco UK - Milton Keynes
Remote status: Fully Remote