Senior SOC Operations Lead

About the Role

The Senior SOC Operations Lead is a key position that oversees the daily operations of our Security Operations Center (SOC). This senior-level role provides strategic leadership and technical guidance to ensure the highest level of security operations for our clients.

Responsibilities

• Lead by example, providing technical guidance and oversight to Tier 1 and Tier 2 analysts.
• Conduct regular training sessions, offer coaching, and facilitate continuous skill development for the team.
• Develop and implement plans for relevant certifications for Tier 1 and Tier 2 analysts, ensuring proper progression with certifications arranged yearly.

Threat Hunting and Incident Analysis

• Actively hunt for threats, identify unknown vulnerabilities, and close security gaps within networks.
• Identify all security attack vectors, classify incidents, and assess their impact.
• Review all escalations from Tier 1 and Tier 2 analysts, ensuring comprehensive analysis and daily updates to the SOC Manager and Head of SOC.
• Proactively update documentation, processes, workflows, and other operational aspects for continuous improvement.

SIEM/SOAR/Ticketing and Incident Response

• Oversee and optimize SIEM operations, ensuring effective log correlation and alert management.
• Manage SOAR platform implementations to automate incident response workflows and reduce manual intervention.
• Supervise ticketing systems to ensure proper incident tracking, escalation, and resolution documentation.
• Lead complex incident response activities, coordinating with internal teams and external stakeholders.

False Positive Management

• Collaborate with Tier 2 analysts to gather feedback and evidence on false positives.
• Work closely with the Threat Detection Team to reduce false positives across all customers.
• Ensure consistent application of false positive reduction measures for all clients.

Threat Intelligence

• Disseminate threat intelligence news and updates to all security analysts, ensuring the team remains informed about emerging threats and attack techniques.

Operational Excellence

• Maintain oversight of SOC processes to ensure compliance and operational effectiveness.
• Plan and implement improvements to SOC operations, focusing on proactive threat detection and response.
• Monitor and 'police' SOC workflows, providing tracking and daily updates to SOC leadership.

Requirements

• Extensive experience in SOC operations, including threat hunting and advanced incident analysis.
• Strong understanding of SIEMs, threat intelligence platforms, and security tools.
• Hands-on experience with SIEM/SOAR platforms and ticketing systems for incident response management.
• Leadership experience with a track record of mentoring and developing security teams.
• Excellent communication, documentation, and organizational skills.
• Ability to handle high-pressure situations and critical security incidents effectively.
• A collaborative mindset to work effectively with other SOC tiers and managers.
• Strong analytical and problem-solving skills to address complex security challenges.

Preferred Technology Experience

• GoogleSecOps platform experience highly preferred.
• Fortinet security solutions experience preferred.
• Cloudflare security services experience preferred.

Professional Development and Certifications

• Minimum certification requirement: ECIH or GCIH or equivalent incident handling certification.
• Additional preferred certifications: CISSP, CISM, GIAC, OSCP, GCFA.
• Commitment to continuous learning to stay updated with the latest security trends and technologies.
• Adherence to SOC playbooks, standard operating procedures, and compliance requirements.

Work Environment and Schedule

• Primary schedule: Office hours (standard business hours).
• Must be willing to support shift operations during High Severity Incidents, which may include being activated to work on-shift during critical incidents, or remaining on standby to provide operational support as needed.
• Willingness to support outside of regular hours during operational exigencies.

---