hirist

Job Description

Job Summary:

We are looking for a proactive and technically strong SOC Lead to support and guide the Security Operations team in monitoring, detecting, and responding to security incidents. The role involves hands-on work with SIEM platforms, log analysis, threat detection, and assisting in the implementation and optimization of security monitoring solutions.

The ideal candidate should have experience working in a SOC environment, strong analytical skills, and the ability to guide analysts in incident investigation and response.


Key Responsibilities:

SOC Monitoring & Incident Response:

- Monitor security alerts and events generated by SIEM platforms.
- Investigate security incidents and support containment and remediation activities.
- Perform log analysis and correlate events to identify potential threats or suspicious activities.
- Escalate critical incidents and coordinate with internal teams for resolution.

SIEM Administration & Log Management:

- Support SIEM implementation, configuration, and daily administration.
- Onboard and integrate logs from various sources including firewalls, endpoints, cloud services, and applications.
- Ensure proper log parsing, normalization, and categorization.

Detection Engineering:

- Assist in developing and tuning correlation rules and detection use cases.
- Reduce false positives by optimizing existing alert rules.
- Implement threat detection logic aligned with frameworks such as MITRE ATT&CK.

Team Coordination:

- Guide junior SOC analysts during investigations and incident handling.
- Review alerts handled by analysts and ensure proper documentation.
- Support knowledge sharing and contribute to SOC process improvements.

Documentation & Reporting:

- Maintain documentation related to incident handling procedures and use cases.
- Prepare incident reports and support compliance or audit requirements.
- Track and report SOC metrics such as alert volumes, incident trends, and response times.


Required Skills & Qualifications:

Experience:

- 4+ years of experience in Cybersecurity or Security Operations Center (SOC).
- Hands-on experience working with SIEM platforms such as Splunk, Microsoft Sentinel, QRadar, or Elastic.

Technical Skills:

- Strong understanding of SIEM monitoring, log analysis, and incident investigation.
- Knowledge of networking concepts including TCP/IP, DNS, HTTP, and firewall logs.
- Basic scripting or automation knowledge using Python, PowerShell, or Bash is an advantage.
- Familiarity with EDR tools, cloud security logs, and endpoint monitoring.

Security Knowledge:

- Understanding of security frameworks such as MITRE ATT&CK, NIST, or ISO 27001.
- Knowledge of common attack techniques, threat indicators, and security monitoring practices.

Preferred Qualifications:

- Relevant certifications such as Security+, CEH, Splunk, or Microsoft Sentinel.
- Experience working in a 24/7 SOC environment.
- Exposure to SOAR tools or automation in security operations.

