Security Operations Center Lead

Job Title:

Job Overview

Key Responsibilities

• Operational Oversight

  : Supervise daily SOC operations, including monitoring, incident detection, and response activities, ensuring 24/7 coverage and timely resolution of security alerts.

• Incident Management

  : Lead the investigation, triage, and resolution of security incidents, coordinating with analysts, SIEM engineers, and external teams as needed.

• SIEM Optimization

  : Oversee the configuration, tuning, and maintenance of SIEM platforms to enhance threat detection and reduce false positives.

• Team Leadership

  : Mentor and guide SOC analysts and engineers, providing technical direction, training, and performance feedback to improve team capabilities.

• Threat Intelligence Utilization

  : Integrate and leverage threat intelligence feeds to enhance detection rules, correlation logic, and incident response strategies.

• Process Improvement

  : Develop, refine, and implement SOC processes, playbooks, and standard operating procedures (SOPs) to ensure consistent and efficient operations.

• Reporting and Metrics

  : Generate and review reports on incident trends, SIEM performance, and SOC metrics, presenting findings to the SOC Manager and other stakeholders.

• Collaboration

  : Work closely with other IT and security teams, including network operations, cloud security, and compliance teams, to align SOC activities with organizational goals.

• Automation and Scripting

  : Promote and support the use of automation tools and scripts (e.g., Python, PowerShell) to streamline repetitive tasks and improve response times.

• Escalation Point

  : Serve as the primary escalation point for complex incidents, providing expertise and decision-making during high-severity events.

• Training and Development

  : Facilitate training sessions and knowledge-sharing initiatives to upskill team members and promote certifications

Skills and Qualifications:

• Education

  : Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field. A Master’s degree or relevant certifications are preferred.

• Experience

  :
• 5-8 years of experience in cybersecurity, with at least 2-3 years in a SOC environment and 1-2 years in a leadership or supervisory role.
• Hands-on experience with SIEM platforms and incident response processes.
• Prior experience in a Security Operations Center or Managed Security Service Provider (MSSP) environment is highly desirable.

• Technical Skills

  :
• Strong knowledge of SIEM architecture, log management, and event correlation.
• Proficiency in network security tools (e.g., firewalls, IDS/IPS, EDR solutions like CrowdStrike, Carbon Black).
• Familiarity with cloud security platforms (e.g., AWS, Azure, Google Cloud) and their integration with SOC tools.
• Scripting skills in Python, PowerShell, or similar languages for automation and process optimization.
• Understanding of network protocols, TCP/IP, and enterprise security technologies.
• Strong leadership and mentoring skills to guide and motivate SOC team members.
• Excellent analytical and problem-solving abilities to address complex security incidents.
• Effective communication skills for reporting and collaborating with technical and non-technical stakeholders.
• Ability to perform under pressure and manage multiple priorities in a fast-paced environment.

• Certifications

  (Preferred):
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• CompTIA Security+

• GIAC Security Operations Certified (GSOC)