Job Description
Responsibilities
Lead end-to-end incident response activities, from preparation through containment, eradication, recovery, and lessons learned.
Perform advanced triage across host, network, and cloud environments.
Perform quality control (QC) on analysis results and reports produced by security analysts.
Review threat hunting outcomes and proactively communicate findings, including indicators of compromise (IOCs), behavioral patterns, TTP-based insights, and anomaly-driven detections.
Design, fine‑tune, and propose detection rules (e.g., YARA, Sigma, KQL, SPL, CrowdStrike RTR) aligned with the MITRE ATT&CK framework.
Provide technical leadership and mentorship to L1/L2 analysts and support decision‑making during incident war‑room sessions.
Qualifications
Strong experience in incident response, threat hunting, and detection engineering.
Proven ability to lead under pressure and deliver clear, concise technical and executive‑level reports.
Strong analytical skills with the ability to perform contextual analysis across diverse security logs (e.g., EDR, Sysmon, firewall, AWS/GCP/Azure audit logs).
Strong threat intelligence and root‑cause analysis mindset.
Bachelor’s degree (S1) in a technical field (e.g., Computer Science, Information Security, Engineering).
Relevant cybersecurity certifications are preferred.
Minimum of 5 years of experience working in a Security Operations Center (SOC).
Seniority Level
Mid‑Senior level
Employment Type
Full‑time
Job Function
Engineering and Information Technology
Industries
IT Services and IT Consulting
Computer and Network Security
Information Services
Ready to Apply?
Don't miss this opportunity! Apply now and join our team.
Job Details
Posted Date:
December 27, 2025
Job Type:
Technology
Location:
Indonesia
Company:
SECURXCESS