Lead Security Analyst - SOC

Job Description

Role & responsibilities Detection Engineering & Rule Management Design, implement, and maintain robust SIEM detection rules to identify security threats and anomalies. Configure and optimize Web Application Firewall (WAF) rules to protect against web-based threats. Build and enhance automated detection workflows, integrating with existing security tools to improve threat detection and response efficiency. Cloud Security and Misconfiguration Management Identify and remediate security misconfigurations in AWS, GCP, and Kubernetes environments. Partner with DevOps teams to embed security best practices in cloud and CI/CD workflows. Implement and monitor security controls to ensure adherence to compliance standards and frameworks. SOC Processes Lead the development and execution of SOC processes, including incident response plans, escalation procedures, and playbooks. Manage shift/on-call schedules to ensure 24/7 SOC coverage and efficiency in operations. Mentor and upskill junior SOC analysts, fostering a culture of continuous learning and improvement. Automation and Programming Leverage Python to automate security tasks, enhance detection workflows, and reduce operational overhead. Create custom scripts and tools to address complex security challenges efficiently. Threat Intelligence and Reporting Incorporate threat intelligence feeds into detection systems to proactively identify emerging threats. Generate detailed security metrics, reports, and dashboards for stakeholders to track SOC performance and risks. Collaboration & Stakeholder Engagement Collaborate with engineering, IT, and DevOps teams to align security strategies with business goals. Serve as the point of contact for major incidents and ensure timely resolution Preferred candidate profile Experience 7-9 years of experience in SOC operations, with at least 2 years in a lead role. Technical Expertise Proficient in operating SIEM platforms and rule creation. Strong experience with WAFs (e.g., AWS WAF, Cloudflare) and related configurations. In-depth knowledge of cloud platforms (AWS/GCP) and Kubernetes security. Familiarity with DevOps tools like Jenkins, GitHub Actions, and Terraform. Familiarity with CSPM and CNAPP tools would be an added advantage. Hands-on experience with Python or any general purpose language for automation, scripting, and task optimization. Soft Skills Good leadership, problem-solving, and communication skills. Strong analytical abilities and attention to detail. Shift Requirements This position may involve on-call work to ensure 24/7 SOC coverage. Candidates must be willing to adapt to rotating schedules and provide support during off-hours when required. Work Type Full-Time In-Office only Perks and benefits