Role Overview
We are seeking an experienced, hands-on Senior Manager to lead our Security Operations Center (SOC). The ideal candidate will bring deep technical expertise, proven leadership experience, and a track record of building, optimizing, and maturing SOC functions. This individual will play a critical role in enhancing our security posture, driving automation and innovation, and ensuring 24/7 monitoring, detection, and response capabilities.
Key Responsibilities
SOC Leadership & Operations
- Lead and manage a multi-tiered SOC team, overseeing daily monitoring, alert analysis, incident response, and threat hunting operations.
- Define and implement SOC strategy aligned with organizational risk appetite, business objectives, and compliance requirements.
- Act as the primary point of contact for internal stakeholders, external clients, auditors, and technology vendors.
SIEM & Logging Architecture
- Oversee design, deployment, and optimization of SIEM solutions, including custom log collector development (Python) and log integration from diverse sources.
- Architect and maintain robust logging and auditing frameworks to ensure comprehensive security visibility and forensic readiness.
Use Case & Content Engineering
- Direct the creation, fine-tuning, and management of SOC use cases: detection rules, threat hunting queries, dashboards, and reports.
- Implement MITRE ATT&CK Framework for adversary mapping, threat modeling, and continuous improvement of detection logic.
SOAR & Automation
- Lead SOAR tool design, deployment, and ongoing tuning, including automated playbook and workflow development.
- Leverage AI/ML (LLM agentic frameworks) to automate alert triage, analysis, and investigation processes.
- Create, optimize, and document SOC automation scripts (primarily in Python) for log collection, enrichment, and task orchestration.
Incident Management & Forensics
- Oversee all phases of incident response, from alert triage through investigation and resolution.
- Develop and maintain comprehensive SOPs for alert analysis and incident investigation.
- Lead forensic investigations of major breaches, ensuring timely root cause analysis and SLA-driven incident reporting.
Compliance & Audit
- Align SOC operations with NIST, ISO 27001, and PCI DSS standards.
- Prepare for, participate in, and support internal and external audits; ensure timely closure of findings and continuous compliance.
- Conduct regular assessments of security controls, participate in BAS/Red Team activities, and drive remediation initiatives.
Training & Team Development
- Mentor and develop SOC analysts, engineers, and leads; foster a culture of continuous improvement and knowledge sharing.
- Conduct regular training sessions on alert analysis, investigation methodologies, and risk mitigation strategies.
Stakeholder Engagement
- Liaise with business leaders, IT teams, and clients to understand requirements, communicate risks, and provide regular status updates.
- Serve as the escalation point for critical incidents and operational issues.
Technology Evaluation & Risk Management
- Evaluate, select, and review security tools for SOC operations.
- Maintain high scores on security risk management platforms (e.g., BitSight, Security Scorecard) through proactive risk mitigation.
Required Skills & Experience
- 10+ years in SOC roles: Analyst, SOC Engineer, Lead, and Manager.
- Deep expertise in SIEM, logging/auditing, and custom log collection (Python scripting).
- Hands-on experience with SOAR tools, automation workflow design, and playbook development.
- Advanced knowledge of use case engineering, MITRE ATT&CK implementation, and detection logic fine-tuning.
- Proven ability to develop, implement, and improve alert/incident SOPs.
- Demonstrated success in forensic investigations and incident reporting.
- Strong track record in supporting and passing internal and external audits.
- Working knowledge of NIST, ISO 27001, and PCI DSS compliance.
- Experience administering BAS tools, conducting Red Team assessments, and developing remediation strategies.
- Excellent programming skills in Python for SOC automation and enrichment.
- Experience with AI/ML/LLM-based security automation is highly desirable.
- Strong communication, leadership, and stakeholder management skills.
Certifications (Preferred)
- CISSP, CISM, or equivalent
- SANS GIAC (GCIA, GCFA, GCIH) or similar
- ISO 27001 Lead Implementer/Auditor
- Azure/AWS Security certifications