The SOC Lead is responsible for leading the Security Operations Center (SOC) by supporting cybersecurity incident response, security engineering, and incident management functions at an executive level. This role ensures effective threat detection, strategic incident response, continuous security improvements, and regulatory compliance while driving innovation and automation within the SOC.
Requirements
- Support and oversee the end-to-end incident management process
- Assist in the development and execution of incident response plans
- Manage the SOC's response to high-severity security incidents
- Ensure effective coordination between SOC teams, IT, legal, and compliance during security events and post-incident activities
- Monitor and support the root cause analysis and remediation efforts to prevent incident recurrence
- Assist in the execution of incident response drills, tabletop exercises, and training programs
- Manage and oversee the deployment, configuration, and optimization of security technologies
- Assist in evaluating and integrating new security technologies
- Support efforts to enhance security monitoring, automation, and alerting mechanisms
- Oversee the maintenance and continuous improvement of security infrastructure
- Execute initiatives to optimize security tools, fine-tune detection mechanisms, and reduce false positives
- Manage vendor relationships and assist in evaluating third-party security solutions
- Oversee the analysis, classification, and triage of security incidents
- Support the investigation of security incidents
- Assist in managing and fine-tuning threat intelligence processes
- Ensure forensic analysis and evidence collection follow industry best practices
- Manage and support communication between SOC teams, senior leadership, and external stakeholders
- Ensure timely and accurate reporting of security incidents
- Assist in the execution of post-incident reviews and lessons learned exercises
- Support compliance efforts by ensuring adherence to NIST, ISO 27001, GDPR, PCI-DSS, and other relevant security frameworks
- Oversee the documentation of incident reports, security policies, procedures, and operational workflows
- Manage and oversee the refinement of SOC processes, workflows, and response strategies
- Assist in developing and executing automation initiatives
- Ensure continuous improvements in incident detection, investigation, and mitigation strategies
