IT Manager - SOC and SIEM

Summary

Location: Newcastle upon Tyne
Type: full-time

About this role

Location/s: Newcastle, UK
Recruiter contact: Nikki George

 

Mott MacDonald is a global engineering, management, and development consultancy with over 20,000 employees across more than 50 countries and 140+ offices. 


We work across incredible global industries, delivering exciting work that is defining our future and making an important societal impact in the communities we serve. Our people power our performance – we succeed when they do. With countless opportunities to collaborate, learn, and grow, the possibilities for excellence are as varied as every individual. 


Whether you want to grow as a subject matter expert or broaden your experience with roles across our international community, you’re surrounded by global specialists who want to combine their expertise and champion you to be your best. As a proudly employee-owned business, we benefit our clients, our communities, and each other, investing in creating the right space for everyone to feel empowered, included, and valued. Whatever your ambition, Mott MacDonald is where people come to be brilliant.

 

 

Overview of the role

As the Cyber Security Manager for SOC & SIEM, you will lead the organisation’s detection and response strategy, ensuring robust operational resilience against evolving threats. This senior role is accountable for enhancing SIEM capabilities and driving improvements across Vulnerability & Patch Management, Incident Response & Disaster Recovery, and Asset & Threat Discovery.  

 

You will manage a high-performing team of engineers, embed automation and best practices, and collaborate with IT, engineering, and risk teams to deliver measurable reductions in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). You will influence strategic decisions, champion a security-first culture, and ensure detection and response are integrated into enterprise operations.  

 

We are committed to building a diverse, inclusive, and high-performing security function. In this role, you will nurture talent, foster innovation, and create an environment where people feel supported, empowered, and valued in their mission to protect the organisation. 

 

Key responsibilities:

  • Define and execute the SOC and SIEM strategy, aligning with organisational objectives, regulatory requirements, and risk appetite
  • Lead and develop a high-performing SOC and SIEM team, fostering accountability, innovation, and continuous improvement
  • Champion automation and advanced analytics to improve detection, correlation, and response speed
  • Maintain strong partnerships with IT operations, architecture, engineering, and risk teams to ensure integrated security operations and early threat detection
  • Oversee SIEM platform architecture, log ingestion, and correlation accuracy, ensuring robust detection engineering and alert tuning aligned to frameworks such as MITRE ATT&CK
  • Drive process optimisation, reducing false positives and improving triage efficiency
  • Establish and monitor KPIs for detection coverage and operational performance
  • Own vulnerability management strategy and patching governance across endpoints, servers, and cloud workloads, implementing automation to minimise exposure windows
  • Report remediation progress to leadership and ensure SLA compliance
  • Lead the development and maintenance of incident response and disaster recovery playbooks for critical attack scenarios
  • Direct tabletop exercises and simulations to validate readiness and improve response metrics
  • Act as escalation point during major incidents, ensuring rapid containment, root cause analysis, and recovery
  • Govern continuous asset discovery and threat hunting programmes, ensuring accurate inventory feeds into CMDB and SIEM for correlation and reporting
  • Drive proactive threat identification and risk reduction initiatives
  • Own SOC governance reporting and ensure audit readiness for Cyber Essentials, ISO 27001, and regulatory frameworks
  • Maintain risk register entries related to detection and response
  • Develop and enforce security policies, standards, and operational procedures
  • Act as the primary point of contact for SOC and SIEM matters with senior leaders and cross-functional teams, providing clear, actionable insights and recommendations

 

Personal attributes:

  • Proactive & Innovative: Continuously seeks improvements in detection and response capabilities, adopting emerging best practices
  • Strategic Leader: Translates complex operational challenges into actionable strategies aligned with business goals
  • Leadership Presence: Inspires confidence, motivates teams, and drives accountability
  • Decisive Under Pressure: Maintains composure and makes sound decisions during critical incidents
  • Excellent Communicator: Engages technical and non-technical stakeholders effectively, simplifying complex concepts
  • Integrity & Professionalism: Demonstrates ethical leadership and commitment to safeguarding organisational assets

 

Key Performance Indicators 

  • Reduction in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) across SOC operations
  • SLA compliance for vulnerability remediation and patch deployment
  • Successful completion of incident response and disaster recovery exercises, with improvement in readiness scores
  • Accuracy of asset inventory and threat discovery coverage
  • Audit success and quality of governance reporting

 

 

Candidate specification

Essential:

  • Proven leadership experience in SOC and SIEM management, with experience managing teams and driving strategic initiatives
  • Strong knowledge of detection engineering, vulnerability management, and incident response/disaster recovery frameworks
  • Excellent stakeholder engagement and communication skills, capable of influencing at all levels and translating technical concepts into business language
  • Ability to manage complex programmes and competing priorities, delivering measurable outcomes within agreed timelines
  • Demonstrated experience in governance, compliance, and regulatory frameworks (e.g., ISO 27001, NIST, GDPR)
  • Proficiency in developing and implementing security policies, standards, and operational procedures
  • Strong analytical and problem-solving skills, with the ability to make data-driven decisions under pressure

 

Desirable: 

  • Professional certifications such as CISSP, CISM, CCSP, or equivalent experience
  • Hands-on experience with SIEM platforms, vulnerability scanners, and EDR/XDR solutions
  • Familiarity with frameworks such as MITRE ATT&CK, ISO 27001, NIST CSF
  • Experience in leading cyber resilience programmes, including threat hunting, vulnerability assessments, and incident simulations
  • Understanding of automation and orchestration in security operations (SOAR platforms)

 

Please be advised that offers for this role are conditional upon obtaining the appropriate level of Security Clearance.

 

 

UK Immigration

Mott MacDonald Ltd. are not currently offering sponsorship to candidates under the Skilled Worker visa route in the UK. This decision is as a consequence of the changes made to the Skilled Worker route by the UK Government in April 2024. We continue to welcome applications from candidates who are eligible for alternative immigration routes in the UK, that do not require sponsorship as a Skilled Worker now or in future.

 

Agile working  

At Mott MacDonald, we believe it makes business sense for you and your manager to choose how you can work most effectively to meet your client, team, and personal commitments. We offer a hybrid working policy that embraces your well-being, flexibility, and trust.

 

Equality, diversity, and inclusion 

We put equality, diversity, and inclusion at the heart of our business, seeking to promote fair employment procedures and practices to ensure equal opportunities for all. We encourage individual expression in our workplace and are committed to creating an inclusive environment where everyone feels they can contribute.

 

Accessibility

We want you to perform your best at every stage in the recruitment process. If you are disabled or need any support to enable you to apply or attend an interview, please contact us at [email protected] and we will talk to you about how we can support you.

 

 

We offer some fantastic benefits including:

 

Health and wellbeing

  • Private medical insurance for all UK colleagues.
  • Health cash plan to support you with everyday health costs and treatments.
  • Access to Peppy, providing free support from menopause experts for all UK colleagues.
  • A variety of wellbeing support is available through our comprehensive wellbeing program, including access for you and your family.
  • Ability to flex your salary to opt into a wide range of health benefits, many of which can be extended to your family too.

 

 

Financial wellbeing

  • We match employee pension contributions between 4.5% and 7%.
  • Life assurance of up to 4 x your basic salary, with an option to increase the level of cover to 6 x your salary.
  • Our income protection scheme provides a financial benefit, as well as absence and return to work support due to long-term illness or injury.
  • Flexible benefits, including increased life assurance cover, critical illness insurance, payroll saving and will writing.
  • As an independently owned business we share the financial success of the business with all our colleagues in various ways including annual bonus schemes.

 

 

Lifestyle

  • A minimum of 33-35 days holiday each year, inclusive of public holidays and dependent on level, with the ability to buy or sell leave through our flexible benefits programme.
  • Holiday entitlement increased to a minimum of 35 days after 5 years’ service.
  • Variety of employee saving schemes and discounts from high-street retailers.

 

 

Enhanced family and carers leave

  • Enhanced family leave policies, including 26 weeks paid maternity and adoption leave, and two weeks paid paternity/partner leave.
  • Our shared parental leave matches maternity leave meaning we pay up to 24 weeks at full pay.
  • Up to five additional days leave are provided for those with significant caring responsibilities, two of which are paid.

 

 

Learning and development

  • Primary annual professional institution subscription.
  • A broad range of opportunities to enhance both technical and soft skills through mentoring, formal training, and self-development options.

 

 

Networks, communities, and social outcomes

  • Join a wide range of groups including our Advanced Employee Networks which support our LGBTQ+, gender, race and ethnicity, disability, and parents/carers communities.
  • Make a difference within our communities through our social outcomes.

 

Other facts

Tech stack
Cyber Security, SOC Management, SIEM, Incident Response, Vulnerability Management, Threat Discovery, Automation, Analytics, Governance, Compliance, Communication, Leadership, Problem Solving, Data-Driven Decision Making, Risk Management, Stakeholder Engagement

About Mott MacDonald

We are an engineering, management and development consultancy and one of the largest wholly employee-owned firms of our kind.

We plan, design, deliver and maintain the transport, energy, water, defence and security, and buildings infrastructure that is integral to people's daily lives.

Our core strength is using our expertise to overcome complex challenges to deliver benefits for our clients and the communities they serve.

Team size: 10,001+ employees
Industry: Civil Engineering
Founding Year: 1989

What you'll do

  • The Cyber Security Manager will lead the detection and response strategy, enhancing SIEM capabilities and managing a high-performing team. Responsibilities include overseeing incident response, vulnerability management, and ensuring integration with IT operations.

Frequently Asked Questions

What does an IT Manager - SOC and SIEM do at Mott MacDonald?

As an IT Manager - SOC and SIEM at Mott MacDonald, you will lead the detection and response strategy, enhancing SIEM capabilities and managing a high-performing team. Responsibilities include overseeing incident response, vulnerability management, and ensuring integration with IT operations.

Why join Mott MacDonald as an IT Manager - SOC and SIEM?

Mott MacDonald is a leading Civil Engineering company.

Is the IT Manager - SOC and SIEM position at Mott MacDonald remote?

The IT Manager - SOC and SIEM position at Mott MacDonald is based in Newcastle upon Tyne, England, United Kingdom. Contact the company through Clera for specific work arrangement details.

How do I apply for the IT Manager - SOC and SIEM position at Mott MacDonald?

You can apply for the IT Manager - SOC and SIEM position at Mott MacDonald directly through Clera. Click the "Apply Now" button above to start your application. Clera's AI-powered platform will help match your profile with this opportunity and guide you through the application process. You can also learn more about Mott MacDonald on their website.