SOC Architect

About Gruve

Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.

About the Role:

The SOC Architect is responsible for designing, implementing, and optimizing the overall architecture of the Security Operations Center. This role ensures that the SOC's infrastructure, tools, integrations, and processes are built for scalability, resilience, and effectiveness in detecting and responding to cyber threats. The SOC Architect bridges the gap between security engineering, operations, and strategy - ensuring the SOC is aligned with business objectives and industry best practices.

Key Responsibilities:

Roles & Responsibilities:

• Design and define the end-to-end architecture of the SOC including SIEM, SOAR, EDR/XDR, NDR, Threat Intelligence, and Case Management systems.
• Establish the integration framework between various security tools, platforms, and data sources.
• Develop scalable architectures to support multi-tenant (MSSP) or large enterprise environments.
• Lead the selection, evaluation, and implementation of SOC technologies (e.g., IBM QRadar, Splunk, Sentinel, XSIAM, etc.).
• Define data ingestion, normalization, enrichment, and correlation strategies for SIEM platforms.
• Design use case frameworks, playbooks, and detection logic aligned with MITRE ATT&CK and NIST standards.
• Define standard operating procedures (SOPs), workflows, and escalation matrices for SOC operations.
• Ensure the SOC design adheres to frameworks such as NIST CSF, ISO 27001, and SOC-CMM maturity model.
• Develop incident response and threat management architectures.
• Design SOAR workflows to automate alert triage, enrichment, and response actions.
• Integrate threat intelligence, vulnerability management, and incident management systems.
• Recommend AI/ML-driven use cases to enhance detection and reduce false positives.
• Ensure SOC tools and processes meet compliance requirements (GDPR, PCI-DSS, HIPAA, etc.).
• Support audit and assessment activities by providing architectural documentation and evidence.
• Drive continuous improvement and maturity roadmap for the SOC.
• Regular Collaboration & Stakeholder Management.

Basic Qualifications:

• Bachelor's or master's degree in computer science, Cybersecurity, or related field.
• 8–12 years of experience in cybersecurity, with at least 5+ years in SOC design, engineering, or architecture roles.
• Strong hands-on experience with SIEMs (QRadar, Splunk, Sentinel, XSIAM, etc.) and SOAR platforms.
• Deep understanding of network, endpoint, and cloud security technologies.
• Knowledge of threat detection frameworks: MITRE ATT&CK, Cyber Kill Chain, Diamond Model.
• Experience with API integrations, log pipelines, and automation scripting (Python, PowerShell, REST APIs).
• Familiarity with containerization, cloud-native SOCs, and modern data architectures (Kafka, Elastic, etc.).

Preferred Qualifications:

• Certifications preferred: CISSP, CISM, CCSP, GIAC (GCIA/GCIH/GCTI), or vendor-specific SIEM certs.‍

Why Gruve

At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you're passionate about technology and eager to make an impact, we'd love to hear from you.

Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.