Threat Intelligence / Operations Lead – SC Cleared – Inside IR35

  • London
  • Contract
  • Consulting
  • GBP500 - 550 per year

SR2 are working with a key consultancy client who are looking for a Threat Intelligence & Threat Operations Lead to drive the threat-led direction of an intelligence-focused SOC supporting a critical national security programme. This is a high-impact leadership role requiring a blend of hands-on expertise, stakeholder influence, and strategic vision.

The successful candidate will be responsible for embedding a threat-informed detection strategy across operational, tactical, and strategic levels—guiding both current delivery and future capability uplift. Working within a multi-tenant environment under a federated SOC structure, you will have direct influence on shaping priorities, upskilling the team, and integrating threat intelligence with SOC output at scale.

Key Responsibilities

  • Provide strategic leadership across threat intelligence and threat operations, ensuring alignment with wider organisational risk appetite and threat posture.
  • Lead the definition and execution of threat modelling and detection priorities, including mapping to MITRE ATT&CK and other relevant frameworks.
  • Act as the technical authority and thought leader for intelligence-led detection within a growing multi-tenant SOC, managing ~2TB/day log ingestion.
  • Translate complex threat actor behaviours and geopolitical risks into actionable detection strategies.
  • Oversee the development and continual refinement of Splunk-based detection logic in coordination with engineering and analyst teams.
  • Advise senior stakeholders on emerging threats, operational risks, and strategic mitigation opportunities.
  • Mentor and upskill SOC analysts and content developers, elevating threat understanding across the team.
  • Contribute to longer-term planning around how threat intelligence and detection capabilities evolve as the service scales into a future strategic SOC.

Essential Experience

  • Proven track record in leading threat intelligence or threat operations functions within a SOC or cyber defence capability.
  • Experience operating in a strategic advisory capacity, influencing senior decision-makers across government or highly regulated sectors.
  • Deep understanding of cyber threats, actor TTPs, and the integration of threat intelligence into detection and response processes.
  • Expertise in developing threat-informed detection strategies using frameworks such as MITRE ATT&CK, Cyber Kill Chain, etc.
  • Familiarity with SIEM platforms—Splunk strongly preferred—and understanding of detection logic lifecycle.
  • Strong interpersonal and communication skills; capable of engaging confidently with technical and non-technical stakeholders.
  • Active SC clearance.

Role Context

  • The team supports a federated SOC environment operating beneath a centralised national SOC.
  • You’ll join at a time of transformation, as the service scales from interim delivery into a long-term strategic capability.
  • This is a highly visible role with scope to shape the future operating model, define detection priorities, and mentor future leaders within the SOC function.