Job Description

To lead the Protective Monitoring team in delivering proactive and reactive monitoring of security events across the organisation’s technical infrastructure. The role ensures timely detection, analysis, and escalation of potential cyber threats, supporting the organisation’s resilience against security incidents. The Team Lead will manage operational processes, develop team capability, and ensure compliance with regulatory and organisational security standards.

Principal Accountabilities

• Lead and manage the Protective Monitoring team, ensuring effective allocation of resources and prioritisation of tasks.
• Oversee the monitoring, detection, and analysis of security events using SIEM and related technologies.
• Ensure timely escalation and coordination of incident response activities in line with organisational policies.
• Maintain and improve protective monitoring processes, ensuring alignment with industry best practices and compliance requirements.
• Develop and maintain operational dashboards and reporting for senior stakeholders.
• Own KPIs and SLAs for the monitoring capability (MTTD, MTTR, false positive rate, ingestion latency) and provide executive reporting.
• Drive continuous improvement initiatives, including automation and optimisation of monitoring workflows.
• Provide leadership, coaching, and development opportunities for team members.
• Collaborate with other Cyber Security teams and stakeholders to enhance threat detection and response capabilities.
• Ensure adherence to data protection, confidentiality, and security standards across all monitoring activities.

Authorities & Dimensions

• Decision-Making: Authority to prioritise monitoring activities and escalate incidents as per policy.
• People Management: Direct line management of Protective Monitoring Analysts.
• Systems Access: Elevated access to monitoring tools and platforms for operational oversight.
• Part of the emergency response arrangements.
• Some on call working may be required.

Essential Skills

• Ability to achieve SC and NPPV Clearance.
• Degree or equivalent experience in a relevant discipline (e.g., Cyber Security, Computer Science, Digital Forensics).
• Proven experience in cyber security operations, specifically in protective monitoring or SOC environments.
• Demonstrated experience of strong knowledge in information security principles (security principles applied to architecture, network & systems, cyber forensic, security risk assessment, software development).
• Strong understanding of SIEM technologies, log analysis, and threat detection methodologies.
• Experience managing and developing technical teams in a security operations context.
• Knowledge of regulatory frameworks (e.g., GDPR, NIS Directive) and security standards (e.g., NCSC CAF).
• Strong communication and stakeholder management abilities.
• Actionable knowledge of MITRE ATT&CK framework.
• Solid understanding of exploitable vulnerabilities and remediation techniques.
• Experience in automating manual processes for responding to cyber security incidents.
• Experience of working and partnering with other technology teams to resolve cyber security incidents.

Desirable Skills

• Professional certifications such as CISSP, CISM, or equivalent.
• Experience with automation and orchestration tools in security operations.
• Familiarity with cloud security monitoring and hybrid environments.
• Knowledge of threat intelligence integration and advanced analytics.
• Familiarity with Threat Hunting capabilities and utilising it output to grow monitoring capabilities.
• Experience of developing scripts (Python, REGEX, PowerShell, Shell, etc.) quickly in reaction to incidents or for proof of concepts.

Additional Information

• Open VN
• Number of Vacancies: 1
• Contact/s: Andrew Shutak

The interviews for this vacancy are to be confirmed.

ASW’s may have the right to apply for internal Sellafield Ltd vacancies. Please note if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification.

If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency based interview.

Competencies will be provided if you are invited to interview.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk

Please ensure that you save a copy of this advert for future reference if you make an application for this role.

The closing date for this vacancy is 27th July 2026.

Protective Monitoring Team Lead

Job number

SP06732

Profession

IT Information Services

Location

Sellafield or Risley

Contract type

Internal Recruitment

Posting date

12 July 2026

Closing date

27 July 2026

Band

3B Upper

Work Schedule

Days