IT Manager - SOC and SIEM

Location(s): Newcastle Upon Tyne, GB

Contract Type:  Permanent
Work Pattern:  Full Time
Market:  Various
Discipline:  Information technology
Job Ref:  13239
Recruiter Contact:  Nikki George


 

Mott MacDonald is a global engineering, management, and development consultancy with over 20,000 employees across more than 50 countries and 140+ offices. 


We work across incredible global industries, delivering exciting work that is defining our future and making an important societal impact in the communities we serve. Our people power our performance – we succeed when they do. With countless opportunities to collaborate, learn, and grow, the possibilities for excellence are as varied as every individual. 


Whether you want to grow as a subject matter expert or broaden your experience with roles across our international community, you’re surrounded by global specialists who want to combine their expertise and champion you to be your best. As a proudly employee-owned business, we benefit our clients, our communities, and each other, investing in creating the right space for everyone to feel empowered, included, and valued. Whatever your ambition, Mott MacDonald is where people come to be brilliant.

 

 

Overview of the role

As the Cyber Security Manager for SOC & SIEM, you will lead the organisation’s detection and response strategy, ensuring robust operational resilience against evolving threats. This senior role is accountable for enhancing SIEM capabilities and driving improvements across Vulnerability & Patch Management, Incident Response & Disaster Recovery, and Asset & Threat Discovery.  

 

You will manage a high-performing team of engineers, embed automation and best practices, and collaborate with IT, engineering, and risk teams to deliver measurable reductions in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). You will influence strategic decisions, champion a security-first culture, and ensure detection and response are integrated into enterprise operations.  

 

We are committed to building a diverse, inclusive, and high-performing security function. In this role, you will nurture talent, foster innovation, and create an environment where people feel supported, empowered, and valued in their mission to protect the organisation. 

 

Key responsibilities:

  • Define and execute the SOC and SIEM strategy, aligning with organisational objectives, regulatory requirements, and risk appetite
  • Lead and develop a high-performing SOC and SIEM team, fostering accountability, innovation, and continuous improvement
  • Champion automation and advanced analytics to improve detection, correlation, and response speed
  • Maintain strong partnerships with IT operations, architecture, engineering, and risk teams to ensure integrated security operations and early threat detection
  • Oversee SIEM platform architecture, log ingestion, and correlation accuracy, ensuring robust detection engineering and alert tuning aligned to frameworks such as MITRE ATT&CK
  • Drive process optimisation, reducing false positives and improving triage efficiency
  • Establish and monitor KPIs for detection coverage and operational performance
  • Own vulnerability management strategy and patching governance across endpoints, servers, and cloud workloads, implementing automation to minimise exposure windows
  • Report remediation progress to leadership and ensure SLA compliance
  • Lead the development and maintenance of incident response and disaster recovery playbooks for critical attack scenarios
  • Direct tabletop exercises and simulations to validate readiness and improve response metrics
  • Act as escalation point during major incidents, ensuring rapid containment, root cause analysis, and recovery
  • Govern continuous asset discovery and threat hunting programmes, ensuring accurate inventory feeds into CMDB and SIEM for correlation and reporting
  • Drive proactive threat identification and risk reduction initiatives
  • Own SOC governance reporting and ensure audit readiness for Cyber Essentials, ISO 27001, and regulatory frameworks
  • Maintain risk register entries related to detection and response
  • Develop and enforce security policies, standards, and operational procedures
  • Act as the primary point of contact for SOC and SIEM matters with senior leaders and cross-functional teams, providing clear, actionable insights and recommendations

 

Personal attributes:

  • Proactive & Innovative: Continuously seeks improvements in detection and response capabilities, adopting emerging best practices
  • Strategic Leader: Translates complex operational challenges into actionable strategies aligned with business goals
  • Leadership Presence: Inspires confidence, motivates teams, and drives accountability
  • Decisive Under Pressure: Maintains composure and makes sound decisions during critical incidents
  • Excellent Communicator: Engages technical and non-technical stakeholders effectively, simplifying complex concepts
  • Integrity & Professionalism: Demonstrates ethical leadership and commitment to safeguarding organisational assets

 

Key Performance Indicators 

  • Reduction in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) across SOC operations
  • SLA compliance for vulnerability remediation and patch deployment
  • Successful completion of incident response and disaster recovery exercises, with improvement in readiness scores
  • Accuracy of asset inventory and threat discovery coverage
  • Audit success and quality of governance reporting

 

 

Candidate specification

Essential:

  • Proven leadership experience in SOC and SIEM management, with experience managing teams and driving strategic initiatives
  • Strong knowledge of detection engineering, vulnerability management, and incident response/disaster recovery frameworks
  • Excellent stakeholder engagement and communication skills, capable of influencing at all levels and translating technical concepts into business language
  • Ability to manage complex programmes and competing priorities, delivering measurable outcomes within agreed timelines
  • Demonstrated experience in governance, compliance, and regulatory frameworks (e.g., ISO 27001, NIST, GDPR)
  • Proficiency in developing and implementing security policies, standards, and operational procedures
  • Strong analytical and problem-solving skills, with the ability to make data-driven decisions under pressure

 

Desirable: 

  • Professional certifications such as CISSP, CISM, CCSP, or equivalent experience
  • Hands-on experience with SIEM platforms, vulnerability scanners, and EDR/XDR solutions
  • Familiarity with frameworks such as MITRE ATT&CK, ISO 27001, NIST CSF
  • Experience in leading cyber resilience programmes, including threat hunting, vulnerability assessments, and incident simulations
  • Understanding of automation and orchestration in security operations (SOAR platforms)

 

Please be advised that offers for this role are conditional upon obtaining the appropriate level of Security Clearance.

 

 

UK Immigration

Mott MacDonald Ltd. is not currently offering sponsorship to candidates under the Skilled Worker visa route in the UK. This decision is a consequence of the changes made to the Skilled Worker route by the UK Government in April 2024. We continue to welcome applications from candidates who are eligible for alternative immigration routes in the UK that do not require sponsorship as a Skilled Worker now or in future.

 

Agile working  

At Mott MacDonald, we believe it makes business sense for you and your manager to choose how you can work most effectively to meet your client, team, and personal commitments. We offer a hybrid working policy that embraces your well-being, flexibility, and trust.

 

Equality, diversity, and inclusion 

We put equality, diversity, and inclusion at the heart of our business, seeking to promote fair employment procedures and practices to ensure equal opportunities for all. We encourage individual expression in our workplace and are committed to creating an inclusive environment where everyone feels they can contribute.

 

Accessibility

We want you to perform your best at every stage in the recruitment process. If you are disabled or need any support to enable you to apply or attend an interview, please contact us at reasonable.adjustments@mottmac.com and we will talk to you about how we can support you.

 

 

We offer some fantastic benefits including:

 

Health and wellbeing

  • Private medical insurance for all UK colleagues.
  • Health cash plan to support you with everyday health costs and treatments.
  • Access to Peppy, providing free support from menopause experts for all UK colleagues.
  • A variety of wellbeing support is available through our comprehensive wellbeing program, including access for you and your family.
  • Ability to flex your salary to opt into a wide range of health benefits, many of which can be extended to your family too.

 

 

Financial wellbeing

  • We match employee pension contributions between 4.5% and 7%.
  • Life assurance equal to up to 4 x your basic salary, with an option to increase the level of cover to 6 x your salary.
  • Our income protection scheme provides a financial benefit, as well as absence and return to work support due to long-term illness or injury.
  • Flexible benefits, including increased life assurance cover, critical illness insurance, payroll saving and will writing.
  • As an independently owned business we share the financial success of the business with all our colleagues in various ways including annual bonus schemes.

 

 

Lifestyle

  • A minimum of 33-35 days holiday each year, inclusive of public holidays and dependent on level, with the ability to buy or sell leave through our flexible benefits programme.
  • Holiday entitlement increased to a minimum of 35 days after 5 years’ service.
  • Variety of employee saving schemes and discounts from high-street retailers.

 

 

Enhanced family and carers leave

  • Enhanced family leave policies, including 26 weeks paid maternity and adoption leave, and two weeks paid paternity/partner leave.
  • Our shared parental leave matches maternity leave, meaning we pay up to 24 weeks at full pay.
  • Up to five additional days' leave are provided for those with significant caring responsibilities, two of which are paid.

 

 

Learning and development

  • Primary annual professional institution subscription.
  • A broad range of opportunities to enhance both technical and soft skills through mentoring, formal training, and self-development options.

 

 

Networks, communities, and social outcomes

  • Join a wide range of groups including our Advanced Employee Networks which support our LGBTQ+, gender, race and ethnicity, disability, and parents/carers communities.
  • Make a difference within our communities through our social outcomes.

 
