Role Summary:
The Security Operations Center (SOC) is seeking a highly skilled and proactive professional to lead day-to-day security operations, drive continuous process improvement, and advance detection engineering across Pearson’s environments. This role is pivotal in safeguarding critical assets through rapid incident response, automation, and collaboration with internal and external partners. You will be responsible for refining SOC processes, developing detection capabilities, and ensuring alignment with Pearson’s security standards and regulatory requirements.
Key Responsibilities:
Security Operations Leadership:
Lead and execute advanced SOC operations, including incident detection, triage, containment, and root cause analysis across Pearson environments.
Detection Engineering & Automation:
Develop, implement, and optimize detection logic, playbooks, and automated response workflows to reduce mean time to containment and improve SOC efficiency.
Process Improvement:
Continuously assess and enhance SOC processes and procedures, ensuring best practices and alignment with evolving threat landscapes.
Threat Intelligence Integration:
Collaborate with threat intelligence teams to analyze emerging risks and integrate relevant TTPs (Tactics, Techniques, and Procedures) into SOC operations.
Stakeholder Engagement:
Act as a trusted advisor to internal stakeholders, translating technical findings into actionable insights and ensuring transparency throughout security operations.
Compliance & Governance:
Ensure all SOC activities comply with relevant standards and guidance (e.g., NCSC guidance, Cyber Essentials Plus) and internal Pearson policies.
Reporting & Metrics:
Deliver executive-level reporting, risk assessments, and metrics to demonstrate the effectiveness of SOC operations.
Required Skills & Experience:
Proven experience in security operations, incident response, and detection engineering
Hands-on expertise with SOAR, EDR, NDR, and SIEM technologies
Experience with one or more Cloud Service Providers (AWS, Azure, GCP)
Strong background in multitasking, adapting, and thriving in fast-paced environments
Excellent communication skills, especially in stakeholder management and translating technical risk to non-technical audiences
SANS GCIH certification or equivalent
Preferred Qualifications:
Experience working with regulated environments or government clients
Knowledge of cloud security (AWS, Azure, GCP) and hybrid infrastructure
Experience collaborating with red/purple teams and defensive teams