Posted on: 31/10/2025
Description:
The SOC Lead will oversee 24/7 SOC operations, guide SOC analysts, drive threat detection and response maturity, and serve as a senior escalation and advisory point for clients. This role requires strong leadership, SIEM expertise, client handling skills, and the ability to manage complex cybersecurity incidents.
Key Responsibilities:
SOC Operations & Team Leadership:
- Lead and mentor SOC analysts (Trainee/L1/L2), ensuring quality incident monitoring and response.
- Manage SOC shift rosters and ensure uninterrupted 24/7 coverage.
- Review alerts, incident cases, and analyst performance metrics.
- Drive skill development and continuous improvement across the SOC team.
Incident Response & Escalation Management:
- Lead critical incident response activities and escalation handling.
- Conduct RCA, impact analysis, and post-incident reviews.
- Document incidents and prepare client-facing incident reports.
Threat Detection & Continuous Improvement:
- Support and enhance SIEM detection logic and use case development.
- Identify detection gaps and recommend improvements in telemetry and correlation.
- Work with engineering and DevSecOps teams for SIEM/EDR/SOAR enhancements.
- Track emerging threats and drive threat hunting initiatives.
Client Management & Communication:
- Act as the primary escalation point and interface for clients.
- Provide clear technical-to-business communication on incidents and risks.
- Deliver periodic SOC performance reviews, incident summaries, and intelligence briefings.
Qualifications & Requirements:
- 3+ years of SOC/IR experience (including 2+ years in L2/L3 role).
- Strong hands-on experience with SIEM, EDR, TI tools, and SOAR platforms.
- Strong understanding of Windows, Linux, and network security fundamentals.
- Cloud knowledge across Microsoft Azure, AWS, and GCP.
- Team leadership or mentoring experience in a SOC setup.
- Excellent communication, analytical thinking, and stakeholder coordination.
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1568303