Job Description


About Xerox Holdings Corporation

For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we’ve expanded into software and services to sustainably power the hybrid workplace of today and tomorrow. Today, Xerox is continuing its legacy of innovation to deliver client-centric and digitally-driven technology solutions and meet the needs of today’s global, distributed workforce. From the office to industrial environments, our differentiated business and technology offerings and financial services are essential workplace technology solutions that drive success for our clients. At Xerox, we make work, work. Learn more about us at www.xerox.com.

We are seeking a Security Operations Center (SOC) Shift Lead responsible for leading real-time SOC operations during assigned shifts. This role ensures effective incident detection, response, and escalation while maintaining operational efficiency, adherence to service level agreements (SLAs), and alignment across cybersecurity functions. The Shift Lead provides operational leadership, technical guidance, and coaching to SOC analysts to drive consistent shift performance, high-quality investigations, and continuous improvement of SOC processes.

Key Responsibilities:

Shift Operations & Command Leadership

  • Provide operational command to ensure efficient and consistent monitoring, triage, and response activities, with full visibility of shift priorities.
  • Manage workload distribution, monitor queue health, and ensure timely resolution of alerts and incidents in line with defined SLAs.
  • Facilitate structured handovers to ensure clear communication of ongoing incidents, risks, and priorities across shifts.
  • Continuously assess threat severity and business impact to ensure high-risk incidents are addressed promptly.

Incident Management & Decision Authority

  • Serve as the central authority to ensure critical incidents are quickly identified, communicated, and managed.
  • Make timely, risk-informed decisions on escalation, containment, and remediation to minimize business impact.
  • Guide analysts in conducting thorough, evidence-based investigations to identify root causes and prevent recurrence.
  • Enforce clear, consistent case documentation to support auditability, knowledge sharing, and continuous improvement.

Operational Leadership

  • Track and analyze key performance indicators (e.g., MTTA, MTTR, escalation accuracy, backlog) to ensure operational effectiveness and identify improvement opportunities.
  • Support SOC analysts during investigations by offering direction, feedback, and escalation guidance to improve decision-making and technical capability.
  • Monitor team performance, reinforcing accountability for quality, timeliness, and adherence to SOC standards.
  • Enable team alignment and readiness by sharing key updates, threat intelligence insights, and operational priorities during shift meetings.
  • Mentor and train new team members to ensure they are equipped with the skills and knowledge required for effective SOC operations.

Cross-Functional Alignment and Coordination

  • Work closely with Detection Engineering, CTI, and CSIRT teams to align on threat priorities, detection tuning, and incident response strategies.
  • Identify gaps in detection and response processes and implement improvements to enhance SOC efficiency and effectiveness.
  • Promote the adoption of automation and emerging technologies (e.g., AI-driven tools) to streamline operations and reduce manual workload.

Basic Qualifications

  • Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent practical experience).
  • Minimum of 5 years of experience in IT or cybersecurity, with hands-on exposure to SOC operations, incident response, or threat management.
  • Strong understanding of SOC operations, including threat monitoring, investigation, and incident response.
  • IAM/IdP telemetry, cloud audit logs, email security, and network telemetry.
  • Knowledge of incident response frameworks and methodologies.
  • Familiarity with network security, endpoints, identity, and cloud environments.
  • Proven leadership experience in shift management, incident escalation, and team coaching within a SOC environment.
  • Ability to manage multiple concurrent investigations in a fast-paced, 24/7 operational environment, including clean handoffs across shifts.
  • Strong analytical and problem-solving skills, with the ability to conduct hypothesis-driven investigations and produce defensible conclusions.
  • Strong written and verbal communication skills, with the ability to collaborate effectively across teams and produce clear, audit-ready documentation.
  • Working knowledge of AI-assisted security operations, including awareness of limitations such as false positives, bias, and model inaccuracies, with a strong emphasis on validation and evidence-based decision-making.
  • Demonstrated discipline in handling sensitive data, including adherence to data minimization practices and use of approved tools when leveraging AI technologies.

Preferred Qualifications

  • Certifications such as CompTIA Security+, CEH, GIAC (e.g., GCIH/GCIA/GMON), or similar.
  • Experience with MITRE ATT&CK mapping and using it to structure investigations and communicate findings.
  • Experience investigating cloud environments (AWS, Azure) and interpreting cloud/SaaS audit telemetry.
  • Experience with scripting or query languages (e.g., Python, PowerShell, SQL) for basic enrichment, log parsing, and analysis.
  • Experience executing SOAR playbooks with appropriate human-in-the-loop approvals and validation/rollback awareness.
  • Experience contributing to detection improvements (writing/adjusting SIEM queries, proposing tuning changes, documenting repeatable triage logic).


Job Details

Role Level: Not Applicable
Work Type: Full-Time
Country: Philippines
City: Cebu
Company Website: http://www.xerox.com
Job Function: Cybersecurity
Company Industry/Sector: IT Services And IT Consulting Software Development And Retail Office Equipment
