Posted on: 10/04/2026
About the Function :
Our Digital and Technology (D&T) team are innovators, delivering ground-breaking solutions that will help shape the future of our iconic brands.
Technology touches every part of our business, from the sourcing of sustainable ingredients to marketing and development of our online platforms.
We utilise data insights to build competitive advantage, supporting our people to deliver value faster. Our D&T team includes some of the most talented digital professionals in the industry.
Every day, we come together to push boundaries and innovate, shaping the digital solutions of tomorrow. Whatever your passion, we'll help you become the best you can be, creating career-defining work and delivering breakthrough thinking.
About the Role :
The SOC Manager is responsible for leading and managing Security Operations Center (SOC) functions, ensuring effective 24/7 monitoring, detection, incident response, and threat hunting across enterprise IT, cloud, OT, and digital environments.
This role focuses on operational excellence, team leadership, incident readiness, and continuous improvement, while aligning SOC activities with enterprise cybersecurity strategy and business objectives.
Role Summary :
The SOC Engineering Manager leads the engineering and enablement functions that power the Security Operations Center.
This includes ownership of detection engineering, automation, telemetry pipelines, platform optimization, and continuous improvement of security monitoring and response capabilities.
The role requires deep technical proficiency, strong architectural thinking, and leadership in building high performance engineering teams.
Key Responsibilities :
SOC Platform & Engineering Leadership :
- Lead engineering strategy, architecture, and lifecycle management of all SOC technologies.
- Oversee design and implementation of scalable logging, monitoring, and response platforms.
- Ensure platforms meet performance, resilience, availability, and operational readiness requirements.
- Drive long term engineering roadmaps aligned to enterprise security strategy.
Detection Engineering & Threat Analytics :
- Design and implement detection logic using attacker technique frameworks (e.g., MITRE ATT&CK).
- Develop behavioral, anomaly based, and signature based detections across identity, endpoint, email, cloud, and network domains.
- Perform detection tuning, baselining, and enrichment improvements to enhance fidelity.
- Lead threat analysis and build threat informed use cases to strengthen coverage.
Automation & Orchestration :
- Develop automated workflows to streamline incident response, enrichment, containment, and remediation.
- Build reusable automation components following engineering best practices.
- Integrate automation with identity, endpoint, cloud, ticketing, and intelligence systems.
- Drive an automation first culture across SOC operations.
Telemetry, Data Engineering & Integration :
- Lead onboarding and engineering of telemetry sources across cloud, identity, endpoint, network, OT, and SaaS environments.
- Ensure data quality, schema consistency, normalization, and reliability in all pipelines.
- Apply engineering practices to improve log health, reduce noise, and enhance correlation capabilities.
- Develop telemetry dashboards and KPIs for coverage, completeness, and ingestion health.
Engineering Governance & Continuous Improvement :
- Establish engineering standards, design patterns, documentation, and architectural baselines.
- Maintain platform health metrics, detection maturity frameworks, and automation KPIs.
- Conduct regular engineering assessments and drive modernization initiatives.
- Support audits and compliance efforts with technical documentation and evidence.
Cross Functional Collaboration :
- Work closely with SOC Operations to address detection gaps and engineering dependencies.
- Partner with Cloud, Identity, Network, and Architecture teams to enhance telemetry and controls.
- Engage with vendors and partners to support platform enhancements and roadmap alignment.
- Provide engineering insights to leadership during incident reviews and strategic discussions.
People Leadership & Capability Development :
- Lead, mentor, and grow SOC engineers, detection engineers, and automation specialists.
- Build structured development pathways focused on advanced engineering skills.
- Promote a culture of innovation, accountability, and technical excellence.
- Create succession plans and capability uplift programs for the team.
Hands On Technical Skills :
1. Detection Engineering :
- Strong hands on experience building detections using :
  - Query based analytics languages (e.g., KQL like, SQL like, pattern matching engines)
  - Behavior based and anomaly based detection techniques
  - Threat modeling and MITRE ATT&CK mapping
  - Signal correlation, enrichment, and contextual analytics
- Ability to design detections for :
  - Endpoint behavioral anomalies
  - Identity misuse and lateral movement
  - Email threats (phishing, BEC, malware)
  - SaaS and cloud application misuse
  - Data exfiltration and DLP bypass patterns
2. Automation & Orchestration :
- Hands on expertise with workflow automation technologies (SOAR type systems).
- Ability to build automated remediation and containment actions.
- Experience with :
  - API integrations
  - JSON/YAML transformations
  - Event driven triggers
  - Automated enrichment logic
- Ability to automate response actions across endpoints, identity systems, cloud environments, and collaboration platforms.
3. Telemetry & Data Engineering :
- Proficiency in engineering log pipelines across multiple domains :
  - Identity
  - Cloud
  - Endpoint
  - Email
  - Network
  - Application/SaaS
- Experience with schema design, parsing, normalization, and taxonomy alignment.
- Ability to perform telemetry quality assessments and implement improvements.
4. Scripting & Engineering Skills :
- Hands on skills in :
  - PowerShell or Bash
  - Python (light to intermediate scripting)
  - Regular expressions
  - Git based version control
- Experience building engineering automations, utilities, or integration scripts.
5. Security & Threat Expertise :
- Deep understanding of :
  - Attack lifecycles
  - Threat actor techniques
  - Identity compromise patterns
  - Endpoint exploitation behaviors
  - Cloud attack vectors
- Experience conducting threat informed engineering improvements.
6. Architecture & Troubleshooting :
- Strong ability to analyze, architect, and optimize large security data platforms.
- Troubleshooting experience across distributed systems, log ingestion, automation failures, and detection pipelines.
Required Qualifications :
- Bachelor's degree in Cybersecurity, Engineering, Computer Science, or related field.
- 8 to 12+ years of cybersecurity experience with significant time in SOC engineering or detection engineering.
- Demonstrated expertise leading technical engineering teams in enterprise environments.
- Strong communication skills and ability to translate technical concepts to leadership.
Preferred Qualifications :
- Professional certifications in security operations, cloud security, or architecture.
- Experience in global, hybrid cloud, or 24/7 operations environments.
- Proven ability to build high performing engineering teams.
Posted in : CyberSecurity
Functional Area : Engineering Management
Job Code : 1627539