Description
We are looking for a highly technical SOC Lead to spearhead our Global Cybersecurity Operations team. In this role, you will own the 24/7/365 security operations ecosystem, driving the strategic and technical evolution of our modern cybersecurity operating model. You will be responsible for ensuring continuous monitoring coverage, serving as the ultimate technical escalation point, and architecting an advanced defense infrastructure.
We are scaling a modern, multi-cloud, intelligence-driven SOC that heavily leverages AI and cutting-edge automation. This role requires a hands-on technical leader who can seamlessly pivot between deep-dive cloud investigations, code-driven automation project management, and mentoring a high-performing engineering team.
Responsibilities:
- 24/7 Operational Oversight & Escalation – Design, build, and optimize the operational frameworks to support 24/7 monitoring. Serve as the critical escalation point, available to be paged to lead the response during high-impact security incidents.
- Advanced Investigations – Lead comprehensive, deep-dive investigations across all threat vectors - including endpoint, network, email, and identity - with a primary focus on complex multi-cloud environments (AWS, Azure, GCP). Utilize CNAPP, EDR/XDR, and digital forensics tools to track sophisticated threat actors and reconstruct full-kill chain breaches.
- AI & Automation Strategy – Architect and drive the roadmap for our agentic SOC. Oversee the development of autonomous AI-driven agents and optimize complex SOAR playbooks to minimize response times.
- Technical Project Leadership – Lead SOC initiatives focused on optimizing EDR platforms, enhancing Email Security Gateways, and driving proactive threat-hunting campaigns. Partner with dedicated Detection and SIEM Engineering teams by contributing operational threat insights.
- Incident Command & Response – Act as the technical Incident Commander during critical security events. Coordinate end-to-end incident response lifecycle tasks, making high-stakes decisions on mitigation and isolation.
- Mentorship & Talent Development – Actively mentor and elevate the technical skillsets of SOC analysts. Establish continuous learning frameworks, conduct technical tabletop exercises, and build a culture of engineering excellence.
Requirements:
- 8+ years of hands-on experience in Information Security, with at least 3+ years in a senior or lead technical capacity within a SOC or Incident Response team.
- Proven experience building or managing operational structures for 24/7 monitoring and on-call rotations.
- Deep technical mastery of modern security architectures, including EDR/XDR, Email Security Gateways, and Digital Forensics tools.
- Strong expertise in Cloud Security Forensics across AWS, Azure, and GCP, alongside experience utilizing CNAPP platforms.
- Strong programming and scripting skills (e.g., Python, Bash) to build custom API integrations and automation tooling.
- Experience with AI-augmented engineering and workflows, utilizing LLM methodologies (such as Claude Code, Gemini, or Codex) to automate defensive operations.
- Exceptional leadership capabilities with a track record of mentoring technical teams and managing high-stress incident scenarios.
- Flexibility to be paged outside of standard business hours as the escalation point for high-impact incidents.
We may use artificial intelligence tools to analyze the content of your Resume/CV against the specific requirements for the position. The purpose is to support our recruitment team in reviewing applications more effectively. These tools assist our recruitment team in their evaluation of your application by providing recommendations, but they do not replace human judgment. Final hiring decisions are ultimately made by humans who consider the insights generated by the tools along with other relevant information. If you would like more details about how your personal information is processed, please contact us.
Tags & focus areas
Used for matching and alerts on DevFound Lead Operations Security Aws Python Gcp Azure