Team Lead - Security Operations Center (SoC)

Email your resume at: hr@sanganan.co.in

Salary: 35 LPA

This job opening is for our esteemed client in Singapore, and sponsorship for relocation may be provided.

As the SOC Team Lead, you will oversee the daily operations and strategic direction of a multi-tiered Security Operations Center comprising Level 1, Level 2, and Level 3 SOC Analysts. You will ensure delivery of high-quality monitoring, detection, response, and threat intelligence services across internal and MSSP customer environments. In this leadership role, you’ll be responsible for analyst performance, escalation handling, service delivery compliance, and technical excellence. You will also lead the coordination of quarterly incident response exercises, customer reporting, and continuous process improvement initiatives.

This position plays a pivotal role in bridging tactical SOC operations and strategic business outcomes, reporting to the SOC Manager or Head of Cybersecurity Services.

Key Responsibilities:

1. Team Leadership & Tiered Analyst Management

·      Lead and supervise the SOC team across L1 (Monitoring/Triage), L2 (Investigation/Response), and L3 (Threat Hunting/Engineering) functions.

·      Set clear roles, escalation workflows, and KPIs across tiers; ensure consistent coverage, shift rotations, and SLA adherence.

·      Conduct regular performance reviews and targeted skill gap analysis.

·      Promote collaboration, accountability, and continuous learning across junior and senior analysts.

·      Foster readiness to handle high-severity security events through coaching and simulated training.

2. SOC Operations Oversight

·      Act as the final escalation point for critical, complex, or ambiguous incidents that exceed Level 3 thresholds.

·      Ensure effective triage, investigation, containment, and recovery workflows across all incident types.

·      Support 24/7 monitoring operations, ensuring shift efficiency, proper documentation, and accurate escalation.

·      Oversee the tuning and effectiveness of detection content, ensuring false positive reduction and high-fidelity alerting.

3. Customer Reporting & MSSP Service Quality

·      Ensure timely delivery of Weekly Threat Intelligence Digests, Biweekly Alert Tuning Reports, and Monthly/Quarterly MSSP Reports.

·      Review and validate customer-facing deliverables for accuracy, quality, and insight.

·      Lead or support monthly service review meetings and quarterly executive briefings with MSSP clients.

·      Track and report SOC performance against SLA/KPI metrics such as MTTD, MTTR, FPR, and escalation compliance.

4. Incident Response Tabletop & Planning

·      Lead planning, execution, and reporting of Quarterly Incident Response Tabletop Exercises across MSSP environments.

·      Collaborate with stakeholders from technical, compliance, and business functions to simulate realistic attack scenarios.

·      Ensure deliverables include scenario documentation, participant actions, gaps identified, and remediation plans.

5. Process Development & Optimization

·      Own the development, maintenance, and continuous improvement of SOC playbooks, SOPs, and runbooks across tiers.

·      Align SOC processes with customer onboarding requirements (log source validation, escalation matrix, SLA definitions, tooling integration).

·      Drive change control and governance for detection rule updates, log onboarding, and tooling enhancements.

6. Threat Intelligence & Strategic Defense

·      Collaborate with L3 analysts to ensure threat intelligence is operationalized into detection content and hunt scenarios.

·      Stay informed on industry trends, APT groups, and emerging TTPs, ensuring the SOC adapts proactively