SOC Lead

🪖 DefTech Product

We are looking for a SOC Lead to lead and scale the company’s Security Operations Center, ensuring high-quality incident response, efficient security monitoring, and continuous improvement of detection and response capabilities.

This role is critical in bridging the gap between having security tools and operating a mature, scalable, and measurable security operations function.

You will work closely with the SOC team and technical stakeholders to improve alert quality, reduce operational inefficiencies, strengthen incident response workflows, and enhance the organization’s ability to detect and respond to modern cyber threats across infrastructure, cloud environments, and critical assets.

Responsibilities:

  • Lead and coordinate the SOC analyst team, including task prioritization, mentoring, and quality control
  • Oversee daily SOC operations: monitoring, alert triage, investigations, escalation handling, and incident coordination
  • Support and drive complex/high-severity incident investigations through containment and remediation
  • Improve SIEM detections, reduce false positives, and optimize alert quality and workflows
  • Develop and maintain SOC playbooks, runbooks, and operational procedures
  • Drive automation and process improvements to reduce analyst workload and improve SOC efficiency
  • Track SOC KPIs (MTTD, MTTR, SLA, alert quality) and provide operational reporting
  • Collaborate with Security & Risk and technical teams to strengthen overall security operations

Required Skills & Experience:

  • 5+ years of experience in SOC, Incident Response, or Security Operations
  • Experience leading SOC teams or acting as a technical lead
  • Strong hands-on experience with SIEM, EDR/XDR, and incident management processes
  • Experience handling complex security incidents and improving detection quality
  • Understanding of MITRE ATT&CK, threat detection, and SOC best practices
  • Strong analytical, communication, and stakeholder management skills

Nice to Have:

  • Experience with cloud security (AWS, Azure, GCP)
  • Experience with SOAR, automation, or scripting
  • Security certifications such as CISSP, GCIH, GCIA, SC-200, Splunk, or similar

The company offers:

  • Official employment with a competitive salary and clear, transparent terms of cooperation.
  • Paid vacation (24 calendar days per year) and paid sick leave.
  • Support for your professional growth — the company is actively expanding, and you’ll have the opportunity to grow together with it.
  • An atmosphere of trust, open communication, and leadership — initiative is welcomed, ideas are brought to life, and the team supports your progress.

Required languages:

  • English: B1 (Intermediate)
  • Ukrainian: Native
information security, cybersecurity, Network Security, IT security, ISO 27001, Vulnerability Management, SOC
Published 2 June