Security Threat & Operations Manager

Posted on 19/06/2026

Apply

Bristol, Peterborough, Sheffield, Home based

Competitive + benefits

Permanent

Home
Vacancies
Security Threat & Operations Manager

About the role

The Security Threat & Operations Manager leads the day-to-day operational delivery of cyber security across Zellis Group, which comprises Zellis, Moorepay, Benifex and Hastee. Working alongside the Group Head of Cyber Security, the role is the senior operational and Security Operations Centre (SOC) lead, responsible for the detection, triage, investigation and response activity that keeps the Group and its customers protected.

This is a hands-on, technically credible role. The manager leads the internal security team, directs the Group’s Managed Security Service Providers (MSSPs), and stays close to the detail of alerts and incidents – making sure escalations are correctly prioritised, properly investigated and driven through to resolution. It combines operational leadership with practical, hands-on engineering across the Microsoft security suite.

Automation and AI are central to how the team operates. The role takes a strong “AI first” approach, applying AI, automation and modern detection engineering to make security operations faster, sharper and more effective, and to continuously improve how the Group detects, triages, investigates and responds.

Key responsibilities

Security Operations Leadership

Work alongside the Group Head of Cyber Security to lead the internal security team and translate the Group’s cyber security strategy into day-to-day operational delivery.
Act as the senior operational and SOC lead, supporting the team and stepping into alerts, incidents and operational issues as they arise.
Lead, coach and develop internal SOC and technical security analysts through the full employee lifecycle.

Alert Triage & Incident Response

Own the detailed analysis of security alerts, ensuring escalations from MSSPs and internal sources are correctly prioritised, categorised and investigated.
Coordinate and manage incident response activity, driving remediation through to completion and capturing lessons learned.
Maintain operational queues, remediation routing and SLA escalation so that work does not stall and the right teams are engaged at the right time.

MSSP & Service Management

Manage the Group’s MSSPs day to day, holding them to account on service quality, SLA adherence, responsiveness and contractual outcomes.
Oversee the operational onboarding of new security tooling and third-party services, including technical kick-off, log-source prioritisation, platform integration and telemetry.

Threat Detection & Engineering

Stay hands-on with the Group’s security tooling, particularly the Microsoft security suite, continuously improving detection quality, efficiency and response times.
Create and tune detection rules, including KQL-based analytics in Microsoft Sentinel, to strengthen threat coverage and reduce false positives.
Use threat intelligence and proactive threat hunting to improve detection, triage and response, sharing relevant insights across the business.

AI, Automation & Continuous Improvement

Take a strong “AI first” approach, applying AI, automation and modern security technology to improve how the Group detects, triages, investigates and responds.
Use approved AI tooling (such as Microsoft Copilot and Claude) to accelerate investigation, reporting and knowledge capture.
Keep current with emerging threats, tooling and detection methods, feeding improvements back into how the team operates.

Reporting & Metrics

Set, track and act on cyber security metrics and SLAs in a live operational environment.
Provide clear, timely operational reporting to the Group Head of Cyber Security and wider stakeholders.
Translate technical findings into clear, practical actions for both technical and non-technical audiences.

Skills & experience

Strong hands-on experience across security operations, including SIEM, EDR, vulnerability management and incident response.
Practical experience creating and tuning threat detection queries, particularly within Microsoft Sentinel KQL.
A track record of leading internal SOC analysts and overseeing external MSSPs at an operational level.
Working knowledge of the Microsoft security suite, including Defender, Sentinel, Entra and Purview.
Experience setting, tracking and acting on cyber security metrics and SLAs in a live operational environment.
A genuine appetite for applying AI and automation to make security operations more efficient.
Excellent communication skills, able to translate technical detail into clear actions for non-technical audiences.

Essential Functional / Technical Skills

Significant hands-on experience within a SOC environment, including incident response, alert triage and investigation.
Demonstrable experience with SIEM and EDR tooling, threat detection engineering and vulnerability management.
Experience leading or directing analysts and managing third-party security providers.
Confident user of AI productivity and security tooling (e.g. Microsoft Copilot, Claude) to accelerate analysis and response.
Experience with business and ITSM tooling such as Microsoft Teams, ServiceNow, Azure DevOps and Jira would be advantageous.

Desirable Qualifications & Certifications

A relevant certification such as Microsoft SC-200, CISSP, CISM or GIAC (e.g. GCIA, GCIH), held or working towards.
Experience in a regulated, data-rich or SaaS environment – ideally payroll, HR, financial services or similar.
Familiarity with operational resilience and continuity expectations (e.g. DORA, NIS2) is an advantage.

Personal Attributes / Competencies

Hands-on and delivery-focused, comfortable leading from inside the detail.
Calm and decisive under pressure, with sound judgement during live incidents.
A credible leader and coach who develops and motivates a technical team.
Proactive and accountable, taking ownership of issues through to resolution.
Curious and improvement-minded, keen to apply new tools and automation to work smarter.
A strong communicator across technical and business audiences.
Adaptable and comfortable working in a fast-paced, evolving environment.

Benefits & culture

At Zellis Group (Zellis, Moorepay, Benifex, and Hastee) we power exceptional employee experiences by creating AI-enabled products and services within HR, workforce management, payroll, and benefits. Our vision is to be the clear leader in pay, reward, analytics, and people experiences. With over 3,500 colleagues across the UK, Europe, India and the Philippines, we have a significant ambition for growth (organically and through M&A).

Our vision is to be the clear leader in pay, reward, analytics, and people experiences. We're passionate about creating an environment where people want to join, belong to, and be part of a progressive organisation. Our values, which were defined with input from of our colleagues, we live and breathe every day:

Unstoppable together.
Always learning.
Make it count.
Think scale.

Our people are critical to our ongoing success; we’re proud of our inclusive culture that gives you the platform to grow, challenge the status quo and play a crucial role in further enhancing our market position as the leading provider of HR & Payroll software and services. With Zellis you’ll have the chance to stretch and challenge yourself in an environment that’s varied, flexible and hugely supportive.

We also love to reward and recognise our brilliant colleagues. As part of your benefits package, you’ll receive:

A competitive base salary, cash car allowance and bonus package.
25 days annual leave, plus your birthday off and the opportunity to buy additional holiday.
Private medical insurance.
Life assurance 4x salary.
Enhanced pension scheme with company contributions up to 8.5%.
A huge range of additional flexible benefits across financial & personal wellbeing, lifestyle & leisure.

Apply

Other jobs like this

Similar