SecOps Lead

Security Operations Lead (SOC Modernization & AI Enablement)

Overview:
A rapidly growing technology-driven organization is seeking a Security Operations Lead to modernize and optimize its Security Operations Center (SOC). This role focuses on improving operational workflows, implementing automation, and introducing AI-assisted capabilities to enhance detection, investigation, and response.

This is a highly cross-functional role partnering with Engineering, Platform, and Security leadership to deliver scalable, secure, and high-quality security outcomes.

Key Responsibilities:
SOC Modernization & Operations

• Design and execute a SOC modernization roadmap, including workflow standardization and process improvements

• Establish consistent processes across intake, triage, investigation, escalation, and closure

• Improve case management quality, documentation standards, and audit readiness

• Define operational rhythms including queue health checks, reporting, and post-incident reviews

AI Enablement & Automation:

• Implement AI-assisted capabilities to improve alert triage, investigation, and case documentation

• Enable automation for enrichment, prioritization, and response workflows

• Define governance and guardrails (approval workflows, audit trails, data handling standards)

• Evaluate vendors and/or internal solutions and lead pilot programs through production deployment

Tooling & Integration:

• Lead integrations across SIEM, EDR, SOAR, cloud telemetry, and collaboration tools

• Partner with engineering teams to improve telemetry pipelines, normalization, and enrichment

• Define operational acceptance criteria for tooling changes (reliability, latency, security)

Metrics & Continuous Improvement:

• Develop and track key SOC performance metrics (e.g., time-to-triage, case aging, escalation quality)

• Lead continuous improvement through quality reviews, post-incident analysis, and KPI tracking

• Identify inefficiencies and implement targeted improvements via automation and process optimization

Collaboration & Enablement:

• Train and mentor analysts on workflows, tools, and best practices

• Improve coordination across Security, Engineering, IT, and Platform teams

• Provide concise, actionable updates to leadership stakeholders

Required Qualifications:

• 5+ years of experience in security operations, SOC engineering, or incident response

• Strong understanding of SOC workflows and incident lifecycle management

• Experience with SIEM, EDR, and security tooling integrations

• Proven ability to drive operational improvements (processes, playbooks, automation)

• Strong communication and stakeholder management skills

Preferred Qualifications:

• Experience with AI-assisted SOC tooling or automation platforms

• Experience implementing SOAR or workflow automation solutions

• Familiarity with query languages (KQL, SPL, WQL)

• Scripting experience (Python or Bash)

• Exposure to cloud environments (AWS, Azure, GCP)

What Success Looks Like:

• Standardized and measurable SOC workflows across teams

• Reduced alert fatigue and improved investigation efficiency

• Successful adoption of AI-assisted tools with appropriate governance

• Improved integration and data quality across security tooling

• Clear metrics demonstrating continuous operational improvement

Compensation & Benefits

• Base Salary: $160,000-$180,000 annually

• No bonus structure associated with this role

• Benefits: medical, dental, and vision insurance available

Work Environment:

• Collaborative, cross-functional environment working closely with security and engineering teams

• Fast-paced, continuous improvement–driven organization

• Hybrid or onsite expectations may vary based on location

#LI-PW1