Senior SOC Analyst (Team Lead)

Role Overview

We are seeking a Senior SOC Team Lead to oversee a 24/7 Security Operations Center responsible for detecting, investigating, and responding to cybersecurity threats. This role provides both strategic leadership and hands-on technical oversight across all SOC functions, ensuring the protection of the organization’s information systems.

The position combines operational management with advanced incident response expertise. The successful candidate will lead SOC analysts across multiple tiers while actively participating in investigations and maintaining high standards of detection, response, and continuous improvement.

Key Responsibilities

1. 24/7 Incident Response Leadership

• Direct and coordinate major incident response activities, including triage, containment, eradication, and recovery.
• Conduct root cause analysis and facilitate post-incident reviews.
• Evaluate incident severity and business impact, recommending appropriate remediation actions.
• Maintain and enhance incident response playbooks and escalation workflows.
• Serve as the escalation point for high-priority security events and executive-level communications.

2. Continuous Security Monitoring

• Oversee round-the-clock monitoring of SIEM, EDR, NDR, and related security telemetry platforms.
• Ensure proper alert validation, prioritization, and accurate triage across Tier 1 and Tier 2 teams.
• Identify threat patterns and anomalies indicating emerging risks.
• Develop and refine detection use cases, correlation rules, and monitoring configurations to improve coverage and effectiveness.

3. Email Threat Analysis & Security Validation

• Supervise investigations of phishing and suspicious email reports.
• Validate reported security concerns and recommend appropriate countermeasures.
• Lead in-depth analysis of malicious attachments, links, and email-based attack vectors.
• Ensure clear documentation and stakeholder communication of findings and remediation guidance.

4. Documentation, Reporting & Technical Oversight

• Ensure timely and accurate documentation of incidents, post-mortem analyses, and SOC performance metrics.
• Lead the preparation of weekly, monthly, and quarterly operational reports.
• Support digital forensic investigations as required.
• Oversee troubleshooting and optimization of security tools, collectors, agents, and sensor deployments.
• Review and fine-tune detection rules, baselines, and system configurations.
• Participate in business continuity and disaster recovery exercises.
• Support change management processes impacting SOC technologies and integrations.

5. Threat Intelligence & Proactive Hunting

• Lead threat intelligence collection, analysis, and dissemination of indicators of compromise (IOCs).
• Conduct and supervise proactive threat hunting and hypothesis-driven investigations.
• Monitor emerging vulnerabilities and threat advisories, ensuring timely internal awareness and validation.
• Oversee internal publication of threat intelligence summaries and situational reports.
• Manage initiatives related to brand protection, including monitoring impersonation attempts, potential data exposure, or misuse of organizational assets.

6. Leadership & Team Management

• Lead, mentor, and develop SOC analysts across Tier 1–Tier 3 levels.
• Ensure continuous 24/7 operational coverage, manage shift rotations, and oversee effective handovers between teams.
• Drive process optimization initiatives to enhance SOC maturity and operational efficiency.
• Coordinate with cybersecurity, infrastructure, and business continuity teams to ensure cohesive incident response.
• Conduct performance evaluations, identify skill gaps, and support training development plans.
• Foster a culture of accountability, collaboration, and operational excellence.
• Act as both a team lead and a hands-on senior analyst during assigned shifts.

Work Arrangements

• 100% onsite work during assigned shifts (primarily morning or mid-shift schedules).
• Role includes on-call responsibilities, particularly for critical (P1/P2) incidents. On-call duties may be shared within the senior team and are typically remote, though onsite presence may be required when necessary.
• Responsible for managing and supporting a 24x7 operational team.

Qualifications

Education

Bachelor’s degree in Computer Science, Information Technology, or a related discipline.

Experience

• 7–10 years of experience in cybersecurity operations.
• At least 3 years in a SOC leadership or senior analyst capacity.
• Demonstrated experience leading 24/7 SOC teams and managing major security incidents.
• Technical Expertise
• Strong knowledge of SIEM, SOAR, EDR, NDR, firewalls, IDS/IPS, and threat intelligence platforms.
• Deep understanding of recognized cybersecurity frameworks (e.g., MITRE ATT&CK, NIST, ISO 27001).
• Expertise in network, endpoint, and email security investigations.
• Proven skills in threat hunting, detection engineering, and playbook optimization.
• Experience with scripting or automation (e.g., Python, PowerShell) is advantageous.
• Preferred Certifications (Not Required)
• CISSP, CISM, GCIH, GCIA, GCFA, CEH, or equivalent credentials.
• Core Competencies
• Strong analytical and decision-making abilities under pressure.
• Effective leadership and stakeholder management skills.
• High attention to detail and structured problem-solving approach.
• Commitment to continuous learning and staying current with evolving threats and technologies.
• Ability to lead cross-functional collaboration during high-impact incidents.