SOC Team Lead – Security Operations Center

About the role

As a Security Operations Center (SOC) Team Lead, you will protect the organization against evolving cyber threats by overseeing daily security monitoring and incident response. Reporting to the Chief Information Security Officer, you will guide a team of analysts, ensure accurate incident documentation, and continuously improve detection capabilities.

Key responsibilities

• Lead, mentor, and coordinate the workload of SOC analysts.
• Oversee real‑time monitoring of alerts from SIEM, EDR, and related tools.
• Investigate incidents using playbooks and act as escalation point for complex cases.
• Document investigations and produce incident reports.
• Tune SIEM rules, detection logic, and alerting workflows.
• Maintain SOC dashboards, metrics, and KPIs, reporting trends to leadership.
• Support incident‑response exercises and ongoing SOC training.
• Improve SOC processes, runbooks, and SOPs.
• Collaborate with IT and cloud teams to integrate security monitoring into new systems.

Required profile

• 7‑10 years of experience in cybersecurity, security operations, or security engineering.
• Proven leadership experience in a SOC or similar environment.
• Strong analytical skills and ability to communicate findings to technical and non‑technical stakeholders.
• Solid understanding of attacker tactics, techniques, and procedures (MITRE ATT&CK).
• Familiarity with ISO 27001 controls and common threat vectors.

Required skills

• SIEM platforms (e.g., Splunk, QRadar)
• Endpoint Detection and Response (EDR) tools
• Security Orchestration, Automation and Response (SOAR) solutions
• Log analysis and network security technologies
• MITRE ATT&CK framework
• ISO 27001 security framework
• Cloud security experience with AWS and/or Azure (optional)
• Security certifications such as Security+, GCIH, GCIA, or CISSP (optional)