SOC Lead

Key Responsibilities:

SOC Operations & Leadership

• Lead end-to-end SOC activities in a 24x7 environment across L1, L2, and L3 teams.
• Manage SOC operations across MSSP models, including shared and dedicated SOC environments.
• Act as a senior escalation point for critical security incidents and complex investigations.
• Ensure operational excellence in triage, investigation, response, and reporting.

Incident Response Management

• Own the incident response lifecycle: detection, containment, eradication, recovery, and post-incident review.
• Guide forensic investigations, impact assessments, and RCA documentation.
• Ensure customer notification and communication workflows are executed effectively.

Threat Hunting

• Conduct proactive, hypothesis-driven threat hunts across endpoints, networks, and cloud.
• Use behavioral analytics, threat patterns, and telemetry data to identify hidden threats.
• Develop hunting playbooks and enhance visibility across the attack surface.

Threat Intelligence Operations

• Operationalize threat intelligence feeds (commercial, open-source, internal).
• Map IOCs and TTPs to detection use cases and ongoing investigations.
• Maintain updated threat profiles, adversary mappings, and enrichment logic.

SIEM/SOAR Use Case & Tuning

• Lead detection engineering efforts including development and optimization of correlation rules and use cases.
• Fine-tune SIEM rules and SOAR playbooks to reduce false positives and improve alert fidelity.
• Drive continuous improvement of detection logic aligned with MITRE ATT&CK and evolving threats.

Documentation & Readiness

• Create and maintain:
• Customer onboarding documentation
• Incident response runbooks
• SOC SOPs and escalation matrices
• Playbooks and detection content version control
• Ensure documentation is up-to-date, accessible, and aligned with SLAs and compliance needs.

Customer & Stakeholder Management

• Serve as the primary point of contact for customers during incident handling and governance meetings.
• Coordinate with internal and external stakeholders to ensure service quality and alignment.
• Present RCA findings, operational dashboards, and detection strategy updates to clients.

Team Mentoring & Capability Building

• Mentor SOC analysts across all levels on processes, tooling, detection logic, and response best practices.
• Support shift planning, performance reviews, and training initiatives.
• Foster a collaborative, high-accountability culture within the team.

Process Optimization & Automation

• Drive process maturity by identifying and implementing efficiency improvements.
• Collaborate with platform teams to build and refine SOAR automation playbooks.
• Monitor SOC metrics and KPIs to track improvements and reduce mean time to detect/respond.

Required Skills & Qualifications:

• Hands-on experience operating within MSSP environments, managing both shared and dedicated SOC models.
• Expertise in SIEM (e.g., Splunk, Sentinel, Sumologic, Google SecOps, QRadar) and SOAR platforms (e.g., Google SecOps, Cortex XSOAR, Swimlane).
• Strong command of threat hunting methodologies, detection engineering, and threat intelligence integration.
• Deep understanding of MITRE ATT&CK, Cyber Kill Chain, and adversary behavior patterns.
• Excellent communication and stakeholder engagement skillsinternal and external.