Cyber Security - Security Operations Centre (SOC) Lead

Gas Networks Ireland operates and maintains Ireland’s €3bn, 14,725km national gas network, which is considered one of the safest and most modern renewables-ready gas networks in the world.

Almost 725,000 Irish homes and businesses trust Ireland’s gas network to provide efficient and reliable energy to meet their heating, cooking, manufacturing and transport needs.

The gas network is the cornerstone of Ireland’s energy system, securely supplying more than 30% of Ireland’s total energy and over 40% of the country’s electricity generation.

Gas Networks Ireland is aiming to deliver a repurposed, resized and fully decarbonised gas network by 2045. Its “Pathway to a Net Zero Carbon Network” envisions transforming the existing gas network into two separate systems carrying 100% renewable gas, one dedicated to biomethane and the other to green hydrogen, with the potential to carry approximately 30% biomethane and 70% green hydrogen, as well as offering significant long term energy export opportunities.

Gas Networks is an organisation with a very strong legacy and a culture founded on pride in our purpose, to keep Ireland's energy moving, and commitment to our vision, to be at the heart of Ireland's energy future. Our organisational values demonstrate what is important across the organisation: building on our experience to build towards our sustainable future; doing what's right for each other and for the people and communities that we serve; and being energised for the change towards a renewable energy landscape. Throughout your career in Gas Networks Ireland, you will be part of an organisation that has a strong commitment to supporting and developing our workforce today and into the future. You will also have an opportunity to get involved in our ambitious iBelong programme, ensuring a diverse, equitable and inclusive environment for us all to thrive. Finally, our Time to Talk Mental Health programme and our wellbeing initiatives ensure we provide support across many areas as you work in our organisation.

The Role:

Based in Cork or Dublin and reporting to the Cyber Security Manager, the SOC Lead is accountable for leading GNI’s internal Security Operations Centre, managing a team of security analysts, and ensuring operational excellence across detection and response platforms. This includes managing ticket workload, defining and refining SOC processes and procedures, and governing relationships with the external SOC managed service provider. The role drives performance across Microsoft Sentinel, Microsoft Defender XDR (and its managed service), and Network Detection & Response (NDR), focusing on improving detection fidelity, reducing false positives, and achieving measurable improvements. In addition, the SOC Lead acts as CSIRT Lead during major incidents, coordinating P1/P2 incident response, ensuring adherence to the Incident Response Plan (IRP), managing communications, containment, eradication, and recovery activities, and leading post-incident reviews to embed lessons learned into continuous improvement.

 

Duties and Responsibilities:

1) Lead GNI SOC Team

  • Provide leadership, coaching, and performance management for the team of security analysts.

  • Set clear objectives, monitor workload distribution, and ensure professional development through training and mentoring.

  • Foster a collaborative, high-performance culture focused on continuous improvement and operational excellence.

2) Manage GNI’s SOC Operations

  • Own the intake → triage → assignment → resolution flow for security incidents, ensuring queue hygiene, SLA adherence, and accurate documentation.

  • Run daily stand-ups and ageing reviews; unblock analysts and optimise resource allocation.

  • Reduce noise and rework by tuning Sentinel analytics rules and SOAR playbooks and closing automation gaps with the managed service provider.

  • Track and present SOC KPIs (including MTTD, MTTR, detection rate, false-positive rate) with trend analysis and corrective actions for misses.

3) Manage SOC Processes and Procedures

  • Maintain and continuously improve SOC runbooks, SOPs, and investigation playbooks aligned to SOC 2.0 design.

  • Embed lessons learned from incidents and exercises into procedures, ensuring version control and audit readiness.

4) Manage External SOC

  • Oversee the external SOC managed service by running weekly service reviews, tracking KPIs/SLAs, agreeing action plans, and escalating issues via the documented matrix.

  • Validate reporting cadence and ensure DFIR retainer invocation paths are clear and tested.

5) SOC Operational Excellence

  • Own the use-case lifecycle (analytics rules, suppression, enrichment, SOAR automation) to ensure high-fidelity incidents and measurable improvements in detection and response.

  • Coordinate with the managed service on Microsoft Defender XDR tuning, automated response guardrails, and incident orchestration.

  • Lead Network Detection & Response (NDR) operations, integrating detections with Sentinel and SOC workflows. 

  • Reduce false positives and analyst workload through targeted rule improvements and automation.

6) Lead Security Incident Management (CSIRT Lead) & Post-Incident Reviews (PIRs)

  • Lead P1/P2 incident bridges in accordance with the Incident Response Plan (IRP) - classification, communications, containment, eradication, recovery, timelines, and post-incident reviews.

  • During P1/P2 incidents, coordinate cross-functional teams (IT, OT, Legal, Compliance) and the Crisis Management Team as required.

  • Ensure timely escalation to CSIRT and timely and clean closure of incidents with complete artefacts.

 

Knowledge, Skills and Experience:

  • 5+ years in SOC/blue-team roles with proven incident coordination and cross-functional stakeholder management.

  • Hands-on with ServiceNow SIR (intake → triage → assignment → closure), including SLA management and evidence/audit hygiene.

  • Microsoft Sentinel: analytics rule design/tuning, KQL investigations, workbook/report creation, and SOAR (Logic Apps/automation) to reduce toil and MTTR.

  • Microsoft Defender XDR suite (Defender for Endpoint/Identity/Office 365/Cloud Apps/Cloud): tuning, incident orchestration, and managed-service coordination.

  • Network Detection & Response (NDR) (e.g., Vectra/Darktrace): platform operations, signal tuning, and SIEM/IR workflow integration to lower false positives.

  • Practical familiarity with MITRE ATT&CK, threat modeling, and prioritisation methods (e.g., based on exploitability/impact).

  • Proven ability to govern an external SOC/managed service (SLAs, KPIs, runbooks, reporting cadence, and escalation matrices) and drive measurable improvements.

  • Track record of CSIRT leadership for P1/P2 incidents, operating to a formal Incident Response Plan (IRP) and producing high-quality Post-Incident Reviews (PIRs).

  • Excellent communication, stakeholder management, and reporting skills.

  • Demonstrated ability to inspire, coach, and develop a high-performing SOC team.

  • Clear communication and decisive action during critical incidents.

  • Strong problem-solving skills with a bias towards automation and measurable outcomes.

  • Demonstrated ability to build trust and drive collaboration across technical and business teams.

  • Experience orchestrating a DFIR retainer during major incidents (scope, evidence handling, handoffs, and recovery validation) is a plus.

  • Microsoft SC-200 / SC-100, AZ-500, GIAC (GCIH/GMON), CompTIA CySA+. Security Specialist advantageous

 

 

Applications, including current Curriculum Vitae, should be emailed to the following address stating the job title and reference number in the subject line of your email: recruit@gasnetworks.ie


The closing date for receipt of applications for this vacancy is the 25th November 2025.

Please note that applications submitted after this closing date will not be accepted.

 

Gas Networks Ireland is an equal opportunities employer 

We are committed to providing a diverse and inclusive place of work and have a robust strategy and framework called iBelong to enable this. We are an equal opportunity employer and through our recruitment process we welcome and encourage applications from interested and suitably qualified individuals regardless of gender, age, racial or ethnic origin, membership of the Traveller community, religion or beliefs, family or civil status, sexual orientation/gender identity or disability.

 

GNI will only hold your data for as long as necessary. By providing a CV to GNI you are agreeing for GNI to process this information about you. If you have any questions about how GNI processes your data, please see our Privacy Notice. If you have further questions, you can contact us at DataProtection@gasnetworks.ie.