Responsibilities

• Design and architect the SOC infrastructure, including SIEM platforms, EDR/XDR solutions, and security automation frameworks
• Develop and maintain the security monitoring architecture, including log collection, correlation rules, and alert pipelines
• Create and optimize detection strategies based on threat intelligence and adversary tactics, techniques, and procedures (TTPs)
• Lead incident response planning and playbook development for various threat scenarios
• Establish metrics and KPIs to measure SOC effectiveness and drive continuous improvement
• Mentor and provide technical guidance to SOC analysts and incident responders
• Collaborate with other security teams to ensure comprehensive coverage of security controls
• Evaluate and recommend new security tools and technologies to enhance detection and response capabilities

Required Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or related field
• 8+ years of experience in cybersecurity with at least 5 years focused on SOC operations and architecture
• Deep expertise in SIEM platforms (Splunk, ELK, or similar) and EDR/XDR solutions
• Strong understanding of threat detection methodologies and incident response frameworks
• Experience with security orchestration and automation (SOAR) platforms
• Proven track record of building and optimizing SOC operations
• Knowledge of common attack frameworks (MITRE ATT&CK) and threat intelligence platforms
• Experience with cloud security monitoring (AWS, Azure, GCP)

Required Skills

• Strong leadership and team management abilities
• Excellent problem-solving and analytical skills
• Advanced knowledge of network protocols and security concepts
• Ability to communicate complex security concepts to technical and non-technical stakeholders
• Strong project management and documentation skills
• Experience working in high-pressure security incident scenarios