SOC Lead
Role Overview
The SOC Lead serves as a senior member of the Monitoring and Threat Detection function. This role focuses on high-quality incident triage, technical escalation management, continuous improvement of detection capabilities, and leading incident analysis across enterprise-wide environments. The SOC Lead mentors L1/L2 analysts, ensures SLA compliance, and drives process innovation within the SOC.
Key Responsibilities
- Lead deeper security investigations (L2/L3) and advanced triage of escalated alerts across SIEM, EDR, and email security platforms.
- Collaborate with Threat Detection, Incident Response, and Threat Hunting teams to validate and escalate potential threats.
- Oversee quality assurance of security tickets and ensure accurate root cause and kill chain identification.
- Manage the design and optimization of detection rules, threat correlation logic, and playbooks within SIEM/SOAR tools.
- Provide subject matter expertise in high-severity incident response and containment, ensuring coordinated communication with clients and internal stakeholders.
- Conduct and support Purple Team simulations and threat validation exercises to assess detection efficacy.
- Mentor and guide SOC analysts, fostering technical growth and enforcing operational discipline.
- Coordinate with enterprise teams on email and cloud security incidents, leading Proofpoint and Microsoft 365 Defender investigations.
- Define and maintain documentation including incident response procedures, triage guides, and detection playbooks.
- Contribute to automation initiatives to reduce repetitive manual work and improve response efficiency.
Core Skills And Experience
- 10 years of cybersecurity operations experience, with at least 3–4 years in SOC L2/L3 or senior incident response roles.
- Hands-on expertise with multiple SIEM platforms, including cloud-native logging and detection tooling on AWS and Azure as well as Wazuh, Splunk, Log360, and Elastic.
- Proficient with leading EDR tools such as CrowdStrike, Microsoft Defender, SentinelOne, Fortinet.
- Strong working knowledge of email security controls (Proofpoint TAP and Threat Response, DLP, SPF/DKIM/DMARC) and of tools such as FortiMail, Microsoft Purview, and Proofpoint.
- Expertise in attack vectors, MITRE ATT&CK mapping, threat analysis, and incident containment strategies.
- Solid understanding of enterprise infrastructure — networks, firewalls, endpoint platforms, OS (Windows/Linux), and web applications.
- Excellent knowledge of cloud security operations across Azure, AWS, and Google Cloud.
- Awareness of major security frameworks: ISO 27001, NIST, CIS, OWASP, and PCI DSS.
- Functional knowledge of SOAR automation and orchestration workflows.
Leadership and Delivery
- Lead service operations ensuring incident SLAs are consistently met.
- Conduct regular performance reviews and provide knowledge-sharing sessions to elevate SOC maturity.
- Liaise with customers to discuss incident outcomes, mitigations, and improvement recommendations.
- Manage process documentation and enforce consistent global SOC methodologies.
Desired Certifications
- CEH, GCIA, GCIH, CISSP, or equivalent cybersecurity certifications.
- Vendor-specific credentials (Microsoft, Proofpoint, or SIEM/EDR certifications) preferred.
Additional Attributes
- Strong analytical, investigative, and documentation skills.
- Excellent communication and presentation abilities.
- Self-driven with ability to manage multiple escalations under pressure.
- Flexible to work in a 24x7 rotational environment if required.
Skills: EDR, cloud security, SIEM, SOC, email security