5 days ago
Security Operations Lead
Washington, DC
$126,300-$243,100 / year
full-time, lead, Hybrid, Technology Consulting
Description
You will oversee all SOC functions and lead a blended team of SOC Analysts and Security Engineers to ensure rapid detection, investigation, and response to security threats. This role involves driving threat hunting, leading major incidents, engineering detection capabilities, and maturing SOC operations to stay ahead of evolving adversary behaviors. You will act as the central coordination point during security events and set the strategic direction for the SOC to ensure continuous, mission-critical security coverage.
Requirements
- 8 years of cybersecurity experience, with 3+ years leading SOC or IR teams
- Hands-on experience triaging alerts, logs, events, and incident artifacts across enterprise environments
- Strong experience with one or more of the following technologies: SIEM (Splunk, Elastic), NDR (ExtraHop), EDR/XDR (Trellix), and packet analysis tools
- Demonstrated ability to lead incident response for high-severity cybersecurity events
Responsibilities
- Lead day-to-day SOC operations, including queue management, alert triage oversight, escalation handling, on-call rotations, and daily situational reporting
- Mentor and develop SOC analysts across tiers; refine SOPs, workflows, and response playbooks
- Drive threat hunting activities focused on identifying patterns, outliers, and TTP-aligned behaviors across host, network, email, and cloud logs
- Oversee SIEM dashboarding, alert tuning, log source health, and rule/correlation development to strengthen detection depth
- Coordinate with Security Engineering to ensure logging fidelity, sensor coverage, and integration of new technologies
- Lead the full lifecycle of incident response: identification, containment, eradication, recovery, forensics support, and post-incident reporting
- Perform or direct deep-dive investigations using SIEM, NDR, EDR, packet analysis tools, and forensic artifacts
- Provide expert investigative support for large-scale or complex incidents where technical detections may not be available
- Guide analysts during high-severity incidents and act as the primary interface with client leadership and internal stakeholders
- Oversee threat intelligence intake and ensure IOCs, adversary behaviors, and campaign indicators are integrated into SOC detections
- Develop and optimize SIEM correlation rules, dashboards, and monitoring logic
- Enhance playbooks and automation pipelines to improve consistency and reduce analyst workload
- Ensure ongoing alignment to evolving threat actor TTPs, including insider threat and APT-style behaviors
- Integrate new data sources into SOC detection pipelines and validate alert efficacy