SOC Technical Lead

Act as a technical leader and mentor, guiding SOC analysts in effective triage, investigation, and response

Serve as the primary escalation point, providing direction on complex and high-severity incidents

Drive continuous learning and development within the SOC through structured training and hands-on coaching

Establish and promote best practices for incident investigation and response

Ensure analysts follow a consistent and high-quality approach to security event analysis

Conduct regular knowledge-sharing sessions, case reviews, and post-incident learning discussions

Guide the team in understanding attacker behavior, detection logic, and investigation techniques

Collaborate with Cyber Incident Response, Detection Engineering, and Threat Intelligence teams to enhance team knowledge and detection capabilities

Support and guide development of KQL queries, use cases, and detection rules

Provide direction on automation strategies using XSOAR and Sentinel

Monitor SOC performance and guide improvements to meet SLA, MTTD, and MTTR targets

Provide insights and recommendations to leadership on SOC maturity and improvements

Microsoft Sentinel (SIEM)

XSOAR (SOAR)

Microsoft Defender Suite

KQL (Kusto Query Language)

MITRE ATT&CK Framework

Azure AD / Entra ID

Windows/Linux logs and authentication

Networking (TCP/IP, DNS, VPN)

Incident response lifecycle and threat hunting

Certifications: SC-200 / AZ-500 / Security+ / CEH

Experience in threat intelligence and IOC analysis

Exposure to cloud security (Azure/AWS/GCP)

Strong mentorship and coaching mindset

Excellent analytical and problem-solving skills

Ability to guide teams in high-pressure situations

Clear and effective communication skills

Focus on continuous improvement and team development