Security Operations Center Manager

About the Role :

We are seeking a highly skilled and proactive SOC Manager to lead and mature our 24x7 Security Operations Center (SOC).

This role involves managing a team of 15-20 SOC analysts (L1, L2, and L3) across multiple customer environments.

The ideal candidate will drive operational excellence in threat detection, incident response, and SOC process improvement.

You will play a key role in supporting critical security operations and contribute to the overall maturity of our security posture.

The role also requires strong leadership, technical expertise, and the ability to communicate effectively with internal stakeholders and customers.

Key Responsibilities :

- As the SOC Manager, you will lead and manage a team of SOC analysts across different levels (L1, L2, L3) within the Security Operations Center.

- You will be responsible for ensuring the efficient and effective operation of the SOC, including acting as the primary Incident Responder for critical security incidents.

- You will conduct Root Cause Analysis (RCA) and develop Corrective and Preventive Actions (CAPA) to address security issues and improve response times.

- In addition to overseeing day-to-day operations, you will mentor and train junior SOC analysts, preparing them for advanced roles within the team.

- You will also support and co-lead SIEM migration projects in collaboration with SIEM Engineers, configuring and fine-tuning SIEM rules and use cases for enhanced threat detection.

- You will work closely with teams to integrate and troubleshoot log sources across various platforms and environments.

- You will be responsible for generating and presenting SOC KPIs and metrics to internal stakeholders and customers, ensuring the transparency and effectiveness of SOC operations.

- Leading technical tabletop exercises and collaborating with threat intelligence, vulnerability management, and engineering teams will be part of your responsibilities.

- Furthermore, you will support SOC maturity assessments and contribute to continuous improvement initiatives.

- Maintaining and enhancing SOC documentation, playbooks, and standard operating procedures will be essential in ensuring consistency and best practices across the SOC.

Required Skills and Experience :

- To succeed in this role, you must have at least 10+ years of experience in cybersecurity, with at least 4 years in a SOC leadership role.

- Experience managing multi-tenant environments or MSSP environments is crucial.

- You should have hands-on expertise with SIEM tools such as QRadar, Sumo Logic, Splunk, and Palo Alto SIEM, along with EDR tools like CrowdStrike and SentinelOne.

- A strong understanding of SIEM rule creation, use case development, and log source onboarding, integration, and troubleshooting is essential.

- You should also be well-versed in the incident response lifecycle and threat detection methodologies.

- Excellent communication and writing skills are required, as you will regularly present findings and metrics to customers and executives.

- Experience in producing and interpreting SOC metrics and dashboards is necessary.

- Familiarity with frameworks such as MITRE ATT&CK, NIST, and SANS will also be advantageous.

Preferred Qualifications :

- A Bachelors degree in Computer Science, Information Security, or a related field is preferred.

- Industry certifications such as CISSP, CISM, GCIA, GCIH, CEH, or equivalent are desirable.

- Experience with scripting (e.g., Python, PowerShell) for automation and enrichment would be a plus, as would exposure to cloud security monitoring in environments like AWS, Azure, and GCP.

Work Environment :

This role requires on-call availability and the ability to work in rotational shifts to ensure the 24x7 operation of the Security Operations Center