Cybersecurity Threat Detection & Analysis Lead

Role Overview

The SOC Lead serves as a senior member of the Monitoring and Threat Detection function. This role focuses on high-quality incident triage, technical escalation management, continuous improvement of detection capabilities, and leading incident analysis across enterprise-wide environments. The SOC Lead mentors L1 / L2 analysts, ensures SLA compliance, and drives process innovation within the SOC.

Key Responsibilities

Lead deeper security investigations (L2 / L3) and advanced triage of escalated alerts across SIEM, EDR, and email security platforms. Collaborate with Threat Detection, Incident Response, and Threat Hunting teams to validate and escalate potential threats. Oversee quality assurance of security tickets and ensure accurate root cause and kill chain identification. Manage the design and optimization of detection rules, threat correlation logic, and playbooks within SIEM / SOAR tools. Provide subject matter expertise in high-severity incident response and containment, ensuring coordinated communication with clients and internal stakeholders. Conduct and support Purple Team simulations and threat validation exercises to assess detection efficacy. Mentor and guide SOC analysts, fostering technical growth and enforcing operational discipline. Coordinate with enterprise teams on email and cloud security incidents, leading Proofpoint and Microsoft 365 Defender investigations. Define and maintain documentation including incident response procedures, triage guides, and detection playbooks. Contribute to automation initiatives to reduce repetitive manual work and improve response efficiency.

Core Skills and Experience

5–9 years of cybersecurity operations experience, with at least 3–4 years in SOC L2 / L3 or senior incident response roles. Hands-on expertise with multiple SIEM platforms (e.G., AWS, Azure Wazuh, Splunk, Log360, Elastic). Proficient with leading EDR tools such as CrowdStrike, Microsoft Defender, SentinelOne, Fortinet. Strong working knowledge of Email Security (TAP, DLP, Threat Response, SPF / DKIM / DMARC) tools such as FortiMail, Microsoft Purview, Proofpoint Expertise in attack vectors, MITRE ATT&CK mapping, threat analysis, and incident containment strategies. Solid understanding of enterprise infrastructure — networks, firewalls, endpoint platforms, OS (Windows / Linux), and web applications. Excellent knowledge of cloud security operations across Azure, AWS, and Google Cloud. Awareness of major security frameworks : ISO 27001, NIST, CIS, OWASP, and PCI DSS. Functional knowledge of SOAR automation and orchestration workflows.

Leadership and Delivery

Lead service operations ensuring incident SLAs are consistently met. Conduct regular performance reviews and provide knowledge-sharing sessions to elevate SOC maturity. Liaise with customers to discuss incident outcomes, mitigations, and improvement recommendations. Manage process documentation and enforce consistent global SOC methodologies.

Desired Certifications

CEH, GCIA, GCIH, CISSP, or equivalent cybersecurity certifications. Vendor-specific credentials (Microsoft, Proofpoint, or SIEM / EDR certifications) preferred.

Additional Attributes

Strong analytical, investigative, and documentation skills. Excellent communication and presentation abilities. Self-driven with ability to manage multiple escalations under pressure. Flexible to work in a 24x7 rotational environment if required.