Security Operations Architect

Security Operations Architect

Job Overview:

We are seeking a highly capable Security Architect with a focus on Security Operations Center (SOC) technologies and architecture. The ideal candidate will contribute to designing and maintaining a robust security monitoring infrastructure and will provide strategic direction on threat detection, response, and mitigation. This role involves working closely with security engineers, analysts, and business stakeholders to ensure end-to-end security coverage and continuous improvement of SOC capabilities.

Key Responsibilities:

• Design and architect SOC-related infrastructure and workflows

  , ensuring scalable and resilient solutions

• Assess, select, and integrate SOC tools

  such as SIEM, SOAR, EDR, and threat intelligence platforms
• Lead

  security monitoring strategies

  , including use case development and data source onboarding
• Work closely with incident response teams to define and refine detection and response procedures
• Develop and enforce

  security event correlation rules, alerts, and automation playbooks

  for timely threat detection and response
• Perform

  SOC capability maturity assessments

  , identifying areas for improvement and innovation
• Establish

  KPIs and metrics

  to measure the effectiveness of SOC tools and processes
• Evaluate

  cloud-native SOC solutions

  (e.g., Microsoft Sentinel, AWS GuardDuty) and integrate them into hybrid environments
• Guide SOC analysts and junior architects on

  architecture best practices and threat modeling

• Ensure compliance with industry frameworks such as

  MITRE ATT&CK, NIST, ISO 27001

  , and regulatory requirements
• Participate in

  security assessments and red/blue team engagements

  , contributing architectural improvements based on findings
• Conduct

  research and proof-of-concept (PoC)

  evaluations of new SOC tools and emerging threat detection technologies
• Develop and maintain

  security architecture documentation

  , tool inventories, and process flows for SOC operations

Technical Skills:

• Hands-on expertise in

  SIEM platforms

  (Splunk, QRadar, Arcsight, Sentinel)
• Experience with

  SOAR tools

  (Google SecOps, Palo Alto Cortex XSOAR, IBM Resilient)
• Strong working knowledge of

  Endpoint Detection and Response (EDR/XDR)

  tools (CrowdStrike, Sentinel One, Microsoft Defender)
• Familiarity with

  Threat Intelligence Platforms (TIP)

  and integration with SOC workflows
• Understanding of

  Syslog, NetFlow, packet capture

  , and

  log aggregation

  technologies
• Proficient in

  scripting for automation

  (Python, PowerShell, Bash)
• Exposure to

  cloud security tools

  : Azure, AWS and GCP
• Working knowledge of

  firewalls, IDS/IPS, DLP, PAM, and WAF

• Familiarity with

  security orchestration and alert tuning

  practices

Required Skills:

• Strong understanding of

  Security Operations

  , incident lifecycle, and attack detection
• Solid grasp of

  MITRE ATT&CK framework

  , TTP mapping, and threat hunting techniques
• Ability to design and review

  security monitoring architecture

  for enterprise environments
• Proficiency in creating and managing

  security use cases and detection rules

• Experience integrating

  business-critical data sources into SIEM

  and optimizing parsing
• Good communication skills to

  collaborate with engineering, IT, and executive teams

Certifications

• CISSP
• GIAC Security Essentials (GSEC)
• Microsoft Cybersecurity Architect (SC-100) or equivalent
• GIAC Certified Detection Analyst (GCDA)
• Splunk Enterprise Security Certified Admin / Architect
• Certified SOC Analyst (CSA)