Senior SOC Team Lead

The Senior Security Operations Center (SOC) Team Lead is responsible for leading a 24/7 security operations team in detecting, responding to, and mitigating cybersecurity incidents. The role oversees all SOC functions from monitoring, incident response, and threat intelligence, to documentation and process improvement ensuring effective protection of the organizations information systems. This position also provides technical leadership, mentoring, and direction to SOC analysts (L1L3), ensuring adherence to procedures, continuous improvement of playbooks, and alignment with the organizations cybersecurity strategy. The role blends hands-on technical expertise with leadership and operational management, ensuring that both people and platforms perform at optimal levels

KEY RESPONSIBILITIES
A. 24/7 Incident Response

• Lead and coordinate incident response activities, ensuring rapid triage, containment, eradication, and recovery.
• Perform detailed root cause analysis and post-incident reviews.
• Assess incident severity, impact, and recommend appropriate mitigation actions.
• Optimize and maintain incident response playbooks and escalation procedures.

B. 24/7 Alerts Monitoring

• Oversee continuous monitoring of SIEM, EDR, NDR, and other telemetry sources for suspicious activities.
• Validate alerts, prioritize incidents, and ensure accurate triaging by L1 and L2 teams.
• Identify patterns or anomalies that may indicate emerging threats.
• Develop and refine detection use cases and correlation rules to enhance detection coverage.

C. Suspicious Email Analysis and Security Validations

• Supervise the analysis and remediation of reported phishing and suspicious emails.
• Validate cybersecurity concerns and recommend appropriate countermeasures.
• Perform deep-dive investigations on email threats, malicious attachments, and URLs.
• Ensure accurate documentation and communication of analysis results and recommendations to relevant stakeholders.

D. Documentation, Reporting, and Other Technical Tasks

• Ensure timely and accurate documentation of incident reports, post-mortems, and SOC metrics.
• Lead the preparation of weekly, monthly, and quarterly SOC reports.
• Participate in investigations and digital forensics activities.
• Support troubleshooting of collector nodes, agents, and sensor deployments
  (e.g., MXDR, EDR, SIEM collectors).
• Review and fine-tune detection rules and configuration baselines.
• Participate in business continuity and recovery plan exercises.
• Support change management processes relevant to SOC systems and integrations.
  

E. Threat Intelligence and Threat Hunting

• Lead threat intelligence collection, analysis, and dissemination of indicators of compromise (IOCs).
• Perform and oversee proactive threat hunting and hypothesis-driven investigations.
• Manage brand protection initiatives such as detection of impersonations, data leaks, or misuse of company trademarks.
• Monitor and track newly released vulnerabilities and threat advisories, ensuring timely communication and validation.
• Oversee publication of internal threat intelligence advisories and situational awareness reports.

III. LEADERSHIP & TEAM MANAGEMENT

• Lead and mentor SOC analysts across all tiers (L1L3), fostering technical growth and knowledge sharing.
• Ensure 24/7 operational coverage, manage shift rotations, and oversee incident handover between shifts.
• Drive continuous process improvements to enhance SOC maturity and efficiency.
• Liaise with other cybersecurity, infrastructure, and business continuity teams to ensure cohesive response and alignment.
• Conduct periodic team performance reviews, skill gap analysis, and training plans.
• Serve as escalation point for high-priority incidents and executive communications.
• Promote a culture of accountability, learning, and operational excellence within the SOC.

QUALIFICATIONS

• Education: Bachelor's degree in Computer Science, Information Technology, or related field.
• Experience:
  • Minimum 7-10 years in cybersecurity operations, with at least 3 years in a SOC leadership or senior analyst role.
  • Proven experience leading 24/7 SOC teams and handling major incident response.
• Technical Competencies:
  • Strong understanding of SIEM, SOAR, EDR, NDR, Firewalls, IDS/IPS, and threat intelligence platforms.
  • Deep knowledge of cybersecurity frameworks (MITRE ATT&CK, NIST, ISO 27001, etc.).
  • Proficient in network, endpoint, and email security investigations.
  • Skilled in threat hunting, detection rule tuning, and playbook optimization.
  • Experience with scripting or automation (Python, PowerShell) is an advantage.
• Certifications (Preferred /Not necessarily required):
  • CISSP, CISM, GCIH, GCIA, GCFA, CEH, or equivalent.