Full-Time

SOC (Security Operations Center) Team Lead at Mistral AI

Company: Mistral AI
Location: Paris
Salary: Competitive salary
Posted: 0 days ago

Job Description

We are looking for a SOC (Security Operations Center) Team Lead to build and lead our SOC function end-to-end. You will own vulnerability management, alerting and detection engineering, incident response, and the security tooling/infrastructure that enable these missions. You’ll define processes, collaborate closely with Product, Infra and IT, and continuously improve detection quality and response time.

What you'll do

• Lead & grow the team: Manage the SOC team, shape the roadmap, delegate effectively, and mentor engineers.

• Drive operations:

– Define vulnerability management processes and coordinate stakeholders for timely remediation.

– Design, implement, and operate SIEM/SOAR infrastructure (ingestion, normalization, correlation, alerting, playbooks).

– Specify logging requirements across our main stacks and centralize telemetry in the SIEM.

– Develop and tune correlation rules and detections; manage CTI intake and operationalize intel.

– Run continuous improvement to reduce false positives and raise signal quality.

– Establish crisp procedures for alert triage, escalation, and incident handling & investigation.

– Lead incident communications with stakeholders and ensure thorough documentation.

• Engineering & enablement:

– Contribute to security tooling, automation, and integrations that speed up detection/response.

– Produce guidance and documentation for product/infra teams; contribute to compliance in the SOC perimeter.

• Exercises & assurance:

– Coordinate red/blue exercises, post-mortems, and targeted audits to validate coverage and resilience.

What you need

• 8+ years of experience leading SOC/CSIRT functions, with proven leadership.

• Hands-on with SIEM (e.g., Elastic Security, Sekoia, Splunk) and SOAR platforms.

• Strong experience in vulnerability management (e.g., DefectDojo, Dependency-Track) and remediation workflows.

• Solid grasp of the cyber kill chain / attack lifecycle, detection engineering, and log source coverage.

• Excellent problem-solving and communication skills; able to operate in a fast-paced startup environment.

• Builder mindset: pragmatic, automation-oriented, comfortable with ambiguity and ownership.
