Skip to main content

Cyber Defence Security Operations Lead

Req ID:
Information Technology

At Direct Line Group, insurance is just the start. Combining decades of industry experience with talented people in every field from data, technology, customer care and auto repair, to HR, finance and procurement , we’re a customer-obsessed market powerhouse. And we all work together to be brilliant for customers, every single day.

We have an exciting opportunity for a Cyber Defence Security Operations Lead to join our re-energised Cyber Defence team! Reporting into the Cyber Operations Manager, you will be responsible for running an effective and efficient security operations function. You'll manage the Security Operations team and 3rd party SOC provider, providing day to day leadership on operational tasks and issues, and acting as the first point of contact and escalation point for the team. This role will have a strong relationship aspect as you'll work closely with various stakeholders, both internal and external, to our CISO department, including various 3rd party suppliers.

What else you'll be doing:

  • Maintaining the process and procedural documentation that define DLG’s security operations to facilitate efficient operations, incident response, ensure transparency and facilitate compliance.
  • Working with core operational security suppliers to identify improvements, address operational issues, and identify opportunities to exploit new technologies and services.
  • Developing and maintaining key performance indicators that provide a view over the effectiveness of security operations to the Cyber Operations Manager, on identifying, defending, and responding to threats/incidents and managing situational awareness across the team.
  • Providing weekly reporting of the status of security operations across the DLG estate, highlighting risk areas and working to develop remediation plans as required with other team leads.
  • Escalating and recommending remediations for appropriate operational issues that may be resolved at an architecture and/or security design level.
  • Responsible for overseeing (and being available for escalation for) the 24/7 operational security incident response process (on-call) and liaising with all internal teams to drive incidents to resolution.
  • Implementing detection improvements based on identified operational threats.
  • Responsible for Cyber incident detection engineering and upskilling staff to ensure preparedness for major events.
  • Responsible for ensuring appropriate timely response and management of any incidents and anomalies that are escalated by Security Analysts and providing subject matter expertise and guidance for operational challenges.
  • Responsible for day-to-day management of our third-party 24/7 Security Operations Centre.

People Management

  • You will be responsible for effectively managing the team through:
    • Talent Management that ensures the assignment of work/learning opportunities to meet the needs of both the organisation and the individual.
    • Fair, consistent, and transparent performance management in line with DLG’s high performance framework.
    • Appropriate adherence to line management policies and controls; escalating to Cyber Defence Leadership where needed.
  • Responsible for proactively identifying training opportunities based on upcoming or potential new cyber threat vectors.
  • Responsible for training staff on cyber defence procedures and cyber defence incident response processes and ensuring staff are appropriately qualified.

What you'll need:

  • Proven track record leading an operational team in information technology and security.
  • Advanced knowledge and operational experience in: SIEM tooling, firewalls, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, Voice over IP (VoIP), firewall zoning.
  • Advanced understanding of information security, border protection, incident handling and response, forensics, endpoint protection and encryption.
  • Advanced knowledge in security operations with particular emphasis on event management.
  • Proven track record of working with 24/7 SOC and knowledge of operational flows to support this.
  • Experience with log analysis tools, phishing, network analysis and able to work with logs from various sources, such as web servers, database servers, SIEM tools.
  • Knowledge and experience in using various security related exploits and tools.
  • Strong understanding of computer science: algorithms, data structures, databases, networks, and tool development.
  • Network infrastructure knowledge, advanced knowledge of TCP/IP and Internet protocols.
  • Understanding of ITIL service management.
  • Security certifications such as CISM, CISSP, M.Inst.ISP, CISA by a recognised professional body.

It would be beneficial if you have:

  • Knowledge of working in an Agile environment and Jira.
  • Experience working in virtualized and cloud environments.
  • Experience of Microsoft security suites.
  • Knowledge of ITIL process flows.
  • Security certifications such as GIAC Certified Incident Handler (GCIH), EC-Council Certified Incident Handler (ECIH) by a recognised professional body are strongly preferred.

Ways of Working

Our mixed model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone. How much you'll be in the office depends on your role, and we'll consider the flexible working options that work best for you.

Read our flexible working approach here.

N.B this is a hybrid opportunity with the expectation to be in our London Bridge office c.2-4 times per month.


We recognise we wouldn't be where we are today without our colleagues, that's why we offer excellent benefits designed to suit your lifestyle:

  • 9% employer contributed pension
  • Up to 10% bonus
  • 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover
  • Additional optional Health and Dental insurance
  • EV car scheme which allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way.
  • 25 days annual leave
  • Buy as you earn share scheme
  • Employee discounts and cashback
  • Plus many more!

Being yourself

Direct Line Group is an equal opportunity employer, and we think diversity of background and thinking is a big strength in our people. We're delighted to feature as one of the UK's Top 50 Inclusive Employers and are committed to making our business an inclusive place to work, where everyone can be themselves and succeed in their careers.

We know you're more than a CV, and the things that make you, you, are what bring potential to our business. We recognise and embrace people that work in different ways so if you need any adjustments to our recruitment process, please speak to the recruitment team who will be happy to support you.




Sign up for job alerts

Can’t find the job you’re looking for? Register to be notified as soon as new jobs become available. Enter your email address. Choose the job category and/or enter a location that you’re interested in. And then click “Add” to add the criteria and “Sign Up” to create your job alert.

Interested InSelect a job category from the list of options. Search for a location and select one from the list of suggestions. Finally, click “Add” to create your job alert.

  • Information Technology, London, England, United KingdomRemove

Can’t find the job you’re looking for? Register to be notified as soon as new jobs become available. Enter your email address. Choose the job category and/or enter a location that you’re interested in. And then click “Add” to add the criteria and “Sign Up” to create your job alert.