Art Technology and Software - Security Operations Center Lead

Description

Key Responsibilities

• Lead deeper security investigations (L2/L3) and advanced triage of escalated alerts across SIEM, EDR, and email security platforms.
• Collaborate with Threat Detection, Incident Response, and Threat Hunting teams to validate and escalate potential threats.
• Oversee quality assurance of security tickets and ensure accurate root cause and kill chain identification.
• Manage the design and optimization of detection rules, threat correlation logic, and playbooks within SIEM/SOAR tools.
• Provide subject matter expertise in high-severity incident response and containment, ensuring coordinated communication with clients and internal stakeholders.
• Conduct and support Purple Team simulations and threat validation exercises to assess detection efficacy.
• Mentor and guide SOC analysts, fostering technical growth and enforcing operational discipline.
• Coordinate with enterprise teams on email and cloud security incidents, leading Proofpoint and Microsoft 365 Defender investigations.
• Define and maintain documentation including incident response procedures, triage guides, and detection playbooks.
• Contribute to automation initiatives to reduce repetitive manual work and improve response efficiency.
  

Additional Responsibilities

• Lead SIEM architecture and design, ensuring scalable log ingestion, parsing, normalization, and enrichment across cloud and on-prem environments.
• Oversee SIEM administration, including connector management, health monitoring, log source onboarding, and retention optimization.
• Define and enforce triage standards for SIEM alerts, ensuring consistent severity classification, enrichment, and correlation logic.
• Evaluate and enhance SIEM use case lifecycle management-from requirements gathering to rule tuning, false-positive reduction, and KPI reporting.
• Drive continuous improvement of SIEM detection coverage, aligning with threat models, MITRE ATT&CK techniques, and emerging adversary behaviors.
  

Core Skills And Experience

• Over 10 years of cybersecurity operations experience, with at least 4-5 years in SOC L2/L3 or senior incident response roles.
• Hands-on expertise with multiple SIEM platforms (e.g., AWS, Azure Wazuh, Splunk, Log360, Elastic).
• Proficient with leading EDR tools such as CrowdStrike, Microsoft Defender, SentinelOne, Fortinet.
• Strong working knowledge of Email Security (TAP, DLP, Threat Response, SPF/DKIM/DMARC) tools such as FortiMail, Microsoft Purview, Proofpoint
• Expertise in attack vectors, MITRE ATT&CK mapping, threat analysis, and incident containment strategies.
• Solid understanding of enterprise infrastructure - networks, firewalls, endpoint platforms, OS
  

• Excellent knowledge of cloud security operations across Azure, AWS, and Google Cloud.
• Awareness of major security frameworks: ISO 27001, NIST, CIS, OWASP, and PCI DSS.
• Functional knowledge of SOAR automation and orchestration workflows.
  

Leadership And Delivery

• Lead service operations ensuring incident SLAs are consistently met.
• Conduct regular performance reviews and provide knowledge-sharing sessions to elevate SOC maturity.
• Liaise with customers to discuss incident outcomes, mitigations, and improvement recommendations.
• Manage process documentation and enforce consistent global SOC methodologies.
  

Desired Certifications

• CEH, GCIA, GCIH, CISSP, or equivalent cybersecurity certifications.
• Vendor-specific credentials (Microsoft, Proofpoint, or SIEM/EDR certifications) preferred.
  

Additional Attributes

• Strong analytical, investigative, and documentation skills.
• Excellent communication and presentation abilities.
• Self-driven with ability to manage multiple escalations under pressure.
• Flexible to work in a 24x7 rotational environment if required.