SOC Operations Lead

Job Title: SOC Operations Lead

Department:

Location:

Experience:

Employment Type:

About ESCOSS

ESCOSS is a cybersecurity firm focused on active defense, real-world threat detection, and disciplined security operations

high-performing SOC professional

Position Overview

The SOC Operations Lead

This position is ideal for a strong SOC analyst transitioning into leadership, with hands-on responsibility and direct exposure to management and client coordination.

Key Responsibilities

SOC Operations & Team Leadership

• Supervise L1/L2 SOC analysts and manage shift rosters to ensure 24/7 SOC coverage
• Act as the primary escalation point for complex or high-severity alerts
• Ensure adherence to SOC SOPs, escalation paths, and quality standards

Incident Handling & Response

• Lead investigation, containment, and resolution of security incidents
• Support analysts during high-pressure incident scenarios
• Coordinate internal response efforts to minimize business and client impact

Threat Detection & Hunting

• Perform proactive threat hunting using SIEM platforms and log analysis
• Identify suspicious behavior missed by automated detections
• Improve detection logic and use cases aligned with the MITRE ATT&CK framework

Process & Playbook Improvement

• Refine SOC playbooks, workflows, and Standard Operating Procedures
• Reduce false positives and improve Mean Time to Detect (MTTD) and Respond (MTTR)

Client & Stakeholder Coordination

• Support client-facing incident communications, including status updates and RCA inputs
• Coordinate with internal stakeholders (IT, DevOps, Cloud teams) during investigations
• Ensure clear, professional communication with management and clients during incidents

Training & Mentorship

• Conduct weekly knowledge-sharing sessions for junior analysts
• Lead internal tabletop incident response drills and simulations
• Guide interns and fresh analysts to become production-ready SOC professionals

Reporting & Documentation

• Prepare weekly SOC performance reports (alert volumes, response times, trends)
• Maintain clear documentation for incidents, detections, and SOP updates
• Present security findings in a clear, non-jargon manner to leadership

Candidate Requirements

Experience

• 2+ years of hands-on experience in a SOC or Incident Response role
• Prior exposure to mentoring, training, or task leadership is preferred

Technical Expertise

• Strong hands-on experience with SIEM tools (Splunk, Microsoft Sentinel, Wazuh, QRadar, etc.)
• Ability to write custom SIEM queries and independently investigate alerts
• Working knowledge of EDR tools and endpoint investigations

Security Knowledge

• Solid understanding of MITRE ATT&CK framework, Windows/Linux internals, and TCP/IP networking
• Familiarity with common attack techniques, logs, and detection methodologies

Leadership & Communication

• Ownership-driven mindset with the ability to lead under pressure
• Clear communicator capable of explaining technical risks to non-technical stakeholders
• Strong coordination and decision-making skills during incidents

Certifications (Preferred)

• CompTIA CySA+
• CEH
• GCIH
• BTL1 (Blue Team Level 1)

How to Apply

Interested candidates should send their resume and a brief cover letter to