Cyber Security Operations & CTI Lead

Posting Start Date: 15 Jul 2026

Location: Home Based, West Midlands, GB, Remote

Company: Serco Plc

Cyber Security Operations & CTI Lead
Location: Remote, UK-based
Full Time, Permanent
Band B2 | £77,000 – £90,000 per annum DOE

 

 

Overview

Serco is building out its in-house cyber security capability, and this is a rare opportunity to shape it from the ground up. Around 18 months ago we made a long-term commitment to bringing more security expertise in-house — this new role is a key part of that plan.

You'll provide senior technical leadership across Security Operations and Threat Intelligence, ensuring threats are identified, analysed, and translated into action. This is a hands-on technical role: monitoring, threat hunting, detection engineering, and incident response — strengthening how Serco detects and responds to evolving cyber threats. We're a small team with large ambitions, globalising this service, and you'll play a central role in shaping its future.

 

As part of this you’ll:

 

  • Provide technical leadership across Security Operations — alert triage, investigation, and escalation — and act as senior escalation point for complex investigations
  • Design, build, and evolve a new Cyber Threat Intelligence capability, integrating it into SOC workflows, detection logic, and incident response
  • Analyse and track threat actors and campaigns, mapping adversary TTPs to MITRE ATT&CK and translating intelligence into detection improvements
  • Develop, tune, and optimise detection rules based on threat intelligence and incident learnings
  • Lead hypothesis-driven threat hunting, feeding outcomes back into detection engineering
  • Lead cyber incidents end-to-end, producing high-quality incident reports with root cause analysis and lessons learned
  • Author and maintain incident response playbooks and SOC/CTI processes
  • Task-manage a team of analysts day-to-day, with around four direct reports as the function grows
  • Participate in an on-call rota supporting incident escalations

 

What you’ll need to do the role:

 

We're looking for someone who has been there and done it technically — deep, hands-on experience matters more here than a long leadership track record. You'll bring:

  • 7+ years' experience in cyber security roles, in-house or within an MSSP
  • Strong experience within a SOC environment, including incident response end-to-end
  • Proven experience building or integrating a Cyber Threat Intelligence function
  • Strong knowledge of SIEM, EDR, and SOAR tooling, and the MITRE ATT&CK framework
  • Demonstrated detection engineering and intelligence-led threat hunting experience
  • Clear communication skills, technical and non-technical, and the ability to operate under pressure during incidents

 

You'll need to be eligible for BPSS clearance.

 

Desirable

  • CISSP
  • Relevant SANS certifications (e.g. SEC503, FOR572)
  • Relevant Microsoft certifications (e.g. SC200)
  • Blue Team Level 2 (BTL2)

 

 

Why Serco:

 

Meaningful and vital work: In this position, your work is vital to the business, in terms of decisions and growth. You will gain a world of opportunity working for a globally operating business delivering essential services across 5 vital sectors, personal growth, achievement and development won’t be hard to find. You'll also work with great people. You’ll find yourself working in a highly motivated, supportive environment where no two days are the same, with experienced colleagues who strive for excellence.

 

What we offer:

 

 

  • Company car
  • Private healthcare
  • Bonus scheme of up to 30% 
  • Flexible working considered
  • Pension – 6%
  • Chance to contribute to innovation in the public services
  • A company passionate about diversity and inclusion
  • Serco discounts which include cinema, merlin entertainment and online shopping discounts, and discounts on mobile phone plans and leisure centre memberships.
  • A range of benefits to support the health and wellbeing of you and your family such as Employee Assistance Programme, Simply Health Cash Plans, and more.
  • A wealth of career development training to suit your future aspirations. These range from role specific training, leadership coaching, formal study and much more to support you to build your career with Serco.
  • A safe and supportive culture.

A little bit about us:
At Serco, everyone plays a vital part in delivering essential public services that make a real difference. As a global team of 50,000 people across Defence, Transport, Justice, Immigration, Healthcare, Leisure and Citizen Services, we’re united by a shared purpose: to improve the services that communities rely on. Guided by our values of Trust, Care, Innovation and Pride, our people make meaningful impact, every single day.

Our inclusive recruitment commitment:
We prioritise your skills and potential. As a Disability Confident Leader, the Top Great British Employer of Veterans 2026, and a Gold Inclusive Employer Standard holder, we champion equal opportunities for all. We offer flexible and hybrid working where possible and make reasonable adjustments throughout recruitment and employment.

  • Guaranteed Interview Scheme: Applicants with disabilities, veterans and people with convictions, who meet the minimum job criteria, are guaranteed an interview. Simply opt into the relevant scheme on the application form.
  • Ban The Box: We also support fair access for those with unspent criminal convictions through our ‘Ban the Box’ pledge (some roles may have security exemptions).


For support with your application, please contact recruitmentuk@serco.com.

ddatjobs