Posted on: 20/01/2026
Description:
- Define and own end-to-end SOC architecture (People, Process, Technology).
- Design scalable SOC models: MSSP SOC, Hybrid SOC, Cloud SOC, and In-house SOC.
- Establish SOC maturity models aligned with frameworks such as NIST CSF, NIST 800-61, ISO 27001, and MITRE ATT&CK.
- Drive roadmap planning for SOC modernization, automation, and AI-led detection.
Pre-Sales & Customer Advisory:
- Engage with CISOs, CXOs, and security leadership to understand business risks and SOC requirements.
- Lead technical discovery, architecture workshops, and solution design discussions.
- Own SOC-related RFP/RFI responses, solution blueprints, and pricing inputs.
- Present SOC architecture, use cases, and value propositions to enterprise customers.
- Support PoCs for SIEM, SOAR, EDR/XDR, UEBA, and Threat Intelligence platforms.
SOC Engineering & Operations Enablement:
- Design detection strategies, correlation rules, and use-case frameworks.
- Define SOC workflows for alert triage, incident response, threat hunting, and escalation.
- Architect SOAR playbooks for automated response and enrichment.
- Guide log source onboarding, data normalization, and retention strategies.
- Define and track SOC performance metrics (MTTD, MTTR, false positives, coverage).
Post-Sales & Delivery Governance:
- Provide architectural oversight during SOC deployments and transitions.
- Review and validate configurations, dashboards, and reporting frameworks.
- Mentor SOC managers, architects, and L2/L3 analysts.
- Act as escalation point for complex incidents and architectural challenges.
- Collaborate with OEMs for advanced troubleshooting and roadmap alignment.
Required Skills & Qualifications:
- 8+ years in SOC architecture or leadership roles.
- Proven experience designing and managing enterprise or MSSP SOCs.
Technical Expertise:
- SIEM: Splunk, IBM QRadar, LogRhythm, ArcSight, Sentinel, etc.
- SOAR: Palo Alto Cortex XSOAR, Splunk Phantom, Swimlane, etc.
- EDR/XDR: CrowdStrike, SentinelOne, Microsoft Defender, Trellix.
- NDR: Darktrace, Vectra, ExtraHop (or equivalent).
- Threat Intelligence: Anomali, MISP, Recorded Future, etc.
- Cloud Security : AWS/Azure/GCP logging, CSPM, CNAPP integration.
- Strong understanding of detection engineering, threat hunting, and IR playbooks.
Frameworks & Standards:
- MITRE ATT&CK, Cyber Kill Chain.
- NIST CSF, NIST 800-61, ISO 27001.
- Zero Trust Architecture, SOC maturity models.
What We Offer:
- Competitive salary and benefits package.
- Opportunities for professional growth and advancement.
- Exposure to cutting-edge technologies and projects.
- A collaborative and supportive work environment.
Posted in: CyberSecurity
Functional Area: Cyber Security
Job Code: 1603632