
SOC Lead - Detection & Response

India · Remote · Full-time · Lead

Technical Tools
anthropic, aws, azure, gcp, salesforce, splunk, workday, b2b, saas

Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm. Today, 95% of AI pilots fail because AI systems don’t understand the context behind data: what it means, how it’s governed, and how it should be used.

Atlan connects to every part of the modern data and AI stack to unify this context into a single, shared layer that both humans and AI agents can rely on.

With Atlan, teams can discover, understand, and trust their data; build and collaborate on a shared body of knowledge; and activate that context across analytics, operations, and AI workflows.

Trusted by global enterprises like Mastercard, Workday, General Motors, Unilever, Ralph Lauren, FOX, Nasdaq, and Medtronic, we’re backed by world-class investors including GIC, Insight Partners, Meritech, Peak XV, and Salesforce Ventures.

We're looking for a SOC Lead who will own Atlan's security operations end-to-end. You lead the function, not a team. You own detection and response outcomes, manage our external SOC vendor, and build the AI-native operations layer that defines what security ops looks like at Atlan.

You'll report to the Senior Security Manager and work across Application Security, Platform Security, GRC, and Corporate Security. We expect this person to contribute beyond SOC — whether that's supporting compliance audits or security automation.

Responsibilities

  • Own SOC operations

    • Be the single accountable owner for detection, triage, and response at Atlan. Define what good looks like. Hold yourself and the vendor to it.

  • Manage the managed SOC vendor

    • Drive day-to-day operations with our external MDR/managed SOC provider. Own the SLA conversations, escalation paths, tuning feedback loops, and monthly reviews.

  • Build detection and response capability

    • Develop and continuously improve detection coverage across the security stack. Reduce false positives, improve MTTD and MTTR, and build runbooks and playbooks that the team can actually use.

  • Build and operate AI agents for SOC

    • Design and deploy AI agents that handle alert triage, evidence gathering, and investigation summaries autonomously. Move the SOC from reactive-human-only to a model where AI agents do the first pass — and analysts make the calls. Think agentic workflows, not just dashboards.

  • Lead incident response

    • Take command of incidents. Run post-mortems. Feed learnings back into controls and detection. Be the point of contact for internal stakeholders and, when needed, external parties.

  • Drive automation

    • Security at Atlan is built on automation. You'll write scripts, build n8n workflows, and contribute to our Claude AI-powered security tooling — whether that's auto-enriching alerts, closing remediation loops, or generating incident timelines. We expect you to ship working code, not just spec it out.

  • Build toward in-house SOC

    • Develop the roadmap for transitioning from a vendor-heavy model to an in-house capability. Define hiring profiles, tooling requirements, and the right sequencing.

  • Contribute across security domains

    • This is a small, high-trust team. You'll contribute to supporting compliance audits, risk assessments, and other security program work — not just SOC operations.

  • Report to leadership

    • Maintain a clear picture of Atlan's detection and response posture. Produce regular metrics and narratives for senior leadership.

Requirements

  • 6+ years in security operations, with demonstrated experience building or leading core SOC functions, particularly across detection engineering and incident response.

  • Hands-on experience with SIEM platforms — alert triage, detection rule development, correlation logic (Splunk preferred)

  • Experience managing or working closely with a managed SOC or MDR vendor

  • Strong incident response fundamentals — you've run incidents, written post-mortems, and improved controls as a result

  • Comfortable with cloud-native environments (AWS/GCP/Azure) and the threat landscape specific to SaaS B2B companies

  • Experience with EDR platforms (SentinelOne, CrowdStrike, or similar)

  • Ability to write clearly — incident reports, runbooks, leadership briefings

  • Hands-on experience building automation — scripts, workflows, or integrations that reduced manual analyst work

Requirements


This role is explicitly AI-forward. We're not looking for someone who will learn AI on the job — we want someone actively building with it.

  • Working knowledge of LLMs and how they can be applied to security operations — triage, summarization, investigation assistance

  • Experience building or using AI-assisted security workflows (prompt engineering, agent frameworks, or SOAR + AI integrations)

  • Ability to evaluate and deploy AI SOC agent tooling — you can tell the difference between a demo and something production-ready

Nice to Have

  • Experience building or scaling an in-house SOC from scratch

  • Familiarity with automation tooling (n8n, Tines, Palo Alto XSOAR, or similar)

  • Prior work building agentic security workflows — multi-step AI pipelines that take actions, not just generate text

  • Working knowledge of compliance frameworks (SOC 2, ISO 27001, HIPAA) and how SOC feeds compliance evidence

  • Threat hunting experience

  • Relevant certifications: GCIA, GCIH, GCFA, or equivalent

Joining Atlan means being part of a global movement to help data teams do their life’s best work. Here’s what you can expect:

What We Offer


Atlan is building the shared context layer that enterprises need so AI can operate on trusted, governed context. The conversation has moved from data leaders asking: “Can we trust the data in our stack?” to businesses asking: “Can we trust AI inside the business?”

We are the missing infrastructure for businesses becoming AI-forward - the connective tissue between their data stack, operational systems, and AI agents.

To learn more, visit www.atlan.com and follow us on LinkedIn.

Equal Opportunity Employer

Atlan is committed to building an inclusive, diverse, and authentic workplace. We do not discriminate based on race, color, religion, national origin, age, disability, sex, gender identity or expression, sexual orientation, marital status, military or veteran status, or any other legally protected characteristic.

Recruitment Fraud Alert
Atlan only posts job openings through our official Careers page at atlan.com/careers. Any other listings or communications claiming to represent Atlan may be fraudulent. We never ask for payment during hiring. Please report suspicious activity to careers@atlan.com.

Location & Eligibility

Where is the job: India (remote within one country)
Who can apply: Open to applicants worldwide

Listing Details

Posted: May 12, 2026
First seen: May 12, 2026
Last seen: May 13, 2026
