
Job Description

Role: Lead SOC Engineer

Role Overview

We are seeking a Lead SOC Engineer to own and mature Security Operations capabilities across the organization. This role is responsible for threat detection, incident response leadership, SOC maturity, automation, and operational effectiveness across enterprise security controls including SIEM, EDR/XDR, DLP, WAF and Cloud Security monitoring.

The role requires strong technical depth, operational leadership, and the ability to translate security incidents into business risk.

Key Responsibilities

SOC Operations & Governance

  • Own end-to-end Security Operations capabilities including monitoring, detection, and response
  • Define and enforce SOC processes, SLAs, KPIs, and escalation models
  • Act as the escalation point for critical security incidents
  • Drive periodic SOC audits, tabletop exercises, and incident simulations
  • Continuously improve SOC operating model and response readiness

Detection & Control Effectiveness

  • Define and own detection strategy across SIEM, EDR/XDR, Web DLP, WAF, and Cloud Security tools
  • Ensure comprehensive log and telemetry onboarding from endpoints, identity, network, web applications, and cloud workloads
  • Review and continuously improve detection rules, correlation logic, and security policies
  • Reduce false positives while improving detection coverage aligned to MITRE ATT&CK

Incident Response & Crisis Management

  • Lead cross-functional response during major security incidents with IT, Cloud, Legal, Compliance, and Leadership
  • Drive containment, eradication, and recovery actions
  • Lead root cause analysis (RCA) and define corrective and preventive measures
  • Own executive communication, impact assessment, and regulatory notifications (as applicable)

Security Controls Oversight

  • Govern operational effectiveness of:
      • EDR/XDR: malware, ransomware, and lateral movement detection
      • Web DLP: data exfiltration prevention and policy tuning
      • WAF: attack detection, rule tuning, and false-positive reduction
  • Ensure effective integration of security controls with SIEM and automation platforms

Automation & SOC Maturity

  • Define SOC automation and orchestration roadmap (SOAR)
  • Drive AI/ML-assisted alert triage, enrichment, prioritization, and response
  • Track and improve SOC metrics such as MTTD, MTTR, alert quality, and coverage
  • Continuously improve SOC maturity aligned with business risk

Reporting & Stakeholder Engagement

  • Deliver executive-level SOC dashboards and security posture reports
  • Translate technical incidents into clear business risk narratives
  • Support audits, certifications, and regulatory assessments from a SOC standpoint

Required Skills & Experience

Core Experience

  • 5+ years in SOC, Incident Response, or Security Operations
  • Strong hands-on experience with:
      • SIEM platforms (Splunk, Sentinel, QRadar, Elastic, etc.)
      • EDR/XDR (CrowdStrike, Defender, SentinelOne, etc.)
      • Web DLP and data protection technologies
      • WAF solutions (Cloudflare, Akamai, AWS WAF, etc.)
      • Cloud security monitoring (AWS / Azure / GCP)

Security & Process Knowledge

  • Deep understanding of MITRE ATT&CK, threat actor TTPs, and kill chains
  • Experience with NIST / SANS Incident Response frameworks
  • Strong documentation, RCA, and executive reporting skills

Good to Have

  • SOAR experience
  • CNAPP / CSPM / CWPP exposure
  • AI-driven SOC automation and detection engineering
  • Certifications: GCIH, GCED, etc.

Job ID: 144678877