Posted on: 21/11/2025
Description:
- Collaborate with Threat Detection, Incident Response, and Threat Hunting teams to validate and escalate potential threats.
- Oversee quality assurance of security tickets and ensure accurate root cause and kill chain identification.
- Manage the design and optimization of detection rules, threat correlation logic, and playbooks within SIEM/SOAR tools.
- Provide subject matter expertise in high-severity incident response and containment, ensuring coordinated communication with clients and internal stakeholders.
- Conduct and support Purple Team simulations and threat validation exercises to assess detection efficacy.
- Mentor and guide SOC analysts, fostering technical growth and enforcing operational discipline.
- Coordinate with enterprise teams on email and cloud security incidents, leading Proofpoint and Microsoft 365 Defender investigations.
- Define and maintain documentation including incident response procedures, triage guides, and detection playbooks.
- Contribute to automation initiatives to reduce repetitive manual work and improve response efficiency.
Additional Responsibilities:
- Oversee SIEM administration, including connector management, health monitoring, log source onboarding, and retention optimization.
- Define and enforce triage standards for SIEM alerts, ensuring consistent severity classification, enrichment, and correlation logic.
- Evaluate and enhance SIEM use case lifecycle management, from requirements gathering to rule tuning, false-positive reduction, and KPI reporting.
- Drive continuous improvement of SIEM detection coverage, aligning with threat models, MITRE ATT&CK techniques, and emerging adversary behaviors.
Core Skills and Experience:
- Hands-on expertise with multiple SIEM platforms (e.g., AWS, Azure, Wazuh, Splunk, Log360, Elastic).
- Proficient with leading EDR tools such as CrowdStrike, Microsoft Defender, SentinelOne, Fortinet.
- Strong working knowledge of email security (TAP, DLP, Threat Response, SPF/DKIM/DMARC) and tools such as FortiMail, Microsoft Purview, and Proofpoint.
- Expertise in attack vectors, MITRE ATT&CK mapping, threat analysis, and incident containment strategies.
- Solid understanding of enterprise infrastructure: networks, firewalls, endpoint platforms, operating systems (Windows/Linux), and web applications.
- Excellent knowledge of cloud security operations across Azure, AWS, and Google Cloud.
- Awareness of major security frameworks: ISO 27001, NIST, CIS, OWASP, and PCI DSS.
- Functional knowledge of SOAR automation and orchestration workflows.
Leadership and Delivery:
- Conduct regular performance reviews and provide knowledge-sharing sessions to elevate SOC maturity.
- Liaise with customers to discuss incident outcomes, mitigations, and improvement recommendations.
- Manage process documentation and enforce consistent global SOC methodologies.
Desired Certifications:
- Vendor-specific credentials (Microsoft, Proofpoint, or SIEM/EDR certifications) preferred.
Additional Attributes:
- Excellent communication and presentation abilities.
- Self-driven, with the ability to manage multiple escalations under pressure.
- Flexible to work in a 24x7 rotational environment if required.
Posted in: CyberSecurity
Functional Area: Cyber Security
Job Code: 1578530