Job Description

The Senior Security Operations Center (SOC) Team Lead is responsible for leading a 24/7 security operations team in detecting, responding to, and mitigating cybersecurity incidents. The role oversees all SOC functions, from monitoring, incident response, and threat intelligence to documentation and process improvement, ensuring effective protection of the organization's information systems. This position also provides technical leadership, mentoring, and direction to SOC analysts (L1–L3), ensuring adherence to procedures, continuous improvement of playbooks, and alignment with the organization's cybersecurity strategy. The role blends hands-on technical expertise with leadership and operational management, ensuring that both people and platforms perform at optimal levels.

II. KEY RESPONSIBILITIES

A. 24/7 Incident Response

  • Lead and coordinate incident response activities, ensuring rapid triage, containment, eradication, and recovery.
  • Perform detailed root cause analysis and post-incident reviews.
  • Assess incident severity and impact, and recommend appropriate mitigation actions.
  • Optimize and maintain incident response playbooks and escalation procedures.

B. 24/7 Alerts Monitoring

  • Oversee continuous monitoring of SIEM, EDR, NDR, and other telemetry sources for suspicious activities.
  • Validate alerts, prioritize incidents, and ensure accurate triaging by L1 and L2 teams.
  • Identify patterns or anomalies that may indicate emerging threats.
  • Develop and refine detection use cases and correlation rules to enhance detection coverage.

C. Suspicious Email Analysis and Security Validations

  • Supervise the analysis and remediation of reported phishing and suspicious emails.
  • Validate cybersecurity concerns and recommend appropriate countermeasures.
  • Perform deep-dive investigations on email threats, malicious attachments, and URLs.
  • Ensure accurate documentation and communication of analysis results and recommendations to relevant stakeholders.

D. Documentation, Reporting, and Other Technical Tasks

  • Ensure timely and accurate documentation of incident reports, post-mortems, and SOC metrics.
  • Lead the preparation of weekly, monthly, and quarterly SOC reports.
  • Participate in investigations and digital forensics activities.
  • Support troubleshooting of collector nodes, agents, and sensor deployments (e.g., MXDR, EDR, SIEM collectors).
  • Review and fine-tune detection rules and configuration baselines.
  • Participate in business continuity and recovery plan exercises.
  • Support change management processes relevant to SOC systems and integrations.

E. Threat Intelligence and Threat Hunting

  • Lead threat intelligence collection, analysis, and dissemination of indicators of compromise (IOCs).
  • Perform and oversee proactive threat hunting and hypothesis-driven investigations.
  • Manage brand protection initiatives such as detection of impersonations, data leaks, or misuse of company trademarks.
  • Monitor and track newly released vulnerabilities and threat advisories, ensuring timely communication and validation.
  • Oversee publication of internal threat intelligence advisories and situational awareness reports.

III. LEADERSHIP & TEAM MANAGEMENT

  • Lead and mentor SOC analysts across all tiers (L1–L3), fostering technical growth and knowledge sharing.
  • Ensure 24/7 operational coverage, manage shift rotations, and oversee incident handover between shifts.
  • Drive continuous process improvements to enhance SOC maturity and efficiency.
  • Liaise with other cybersecurity, infrastructure, and business continuity teams to ensure cohesive response and alignment.
  • Conduct periodic team performance reviews, skill gap analysis, and training plans.
  • Serve as escalation point for high-priority incidents and executive communications.
  • Promote a culture of accountability, learning, and operational excellence within the SOC.

Qualification

  • Education: Bachelor's degree in Computer Science, Information Technology, or a related field
  • Experience:
    • Minimum 7–10 years in cybersecurity operations, with at least 3 years in a SOC leadership or senior analyst role.
    • Proven experience leading 24/7 SOC teams and handling major incident response.
  • Technical Competencies:
    • Strong understanding of SIEM, SOAR, EDR, NDR, Firewalls, IDS/IPS, and threat intelligence platforms.
    • Deep knowledge of cybersecurity frameworks (MITRE ATT&CK, NIST, ISO 27001, etc.).
    • Proficient in network, endpoint, and email security investigations.
    • Skilled in threat hunting, detection rule tuning, and playbook optimization.
    • Experience with scripting or automation (Python, PowerShell) is an advantage.
  • Certifications (preferred, not required):
    • CISSP, CISM, GCIH, GCIA, GCFA, CEH, or equivalent.


Job Details

Role Level: Not Applicable
Work Type: Full-Time
Country: Philippines
City: Pasig, National Capital Region
Company Website: https://www.hrtx.ph/
Job Function: Cybersecurity
Company Industry/Sector: Technology, Information and Internet

About the Company

Searching, interviewing and hiring are all part of professional life. The TALENTMATE Portal aims to help professionals with each of these by bringing the requisites together under one roof. Whether you're hunting for your next job opportunity or looking for potential employers, we're here to lend a helping hand.


Disclaimer: talentmate.com is only a platform to bring jobseekers and employers together. Applicants are advised to research the bona fides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advise against sharing personal or bank-related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@talentmate.com.
