About this role
We are looking for a SOC (Security Operations Center) Team Lead to build and lead our SOC function end-to-end. You will own vulnerability management, alerting and detection engineering, incident response, and the security tooling/infrastructure that enable these missions. You’ll define processes, collaborate closely with Product, Infra and IT, and continuously improve detection quality and response time.
Key responsibilities
• Lead & grow the team: Manage the SOC team, shape the roadmap, delegate effectively, and mentor engineers.
• Drive operations:
– Define vulnerability management processes and coordinate stakeholders for timely remediation.
– Design, implement, and operate SIEM/SOAR infrastructure (ingestion, normalization, correlation, alerting, playbooks).
– Specify logging requirements across our main stacks and centralize telemetry in the SIEM.
– Develop and tune correlation rules and detections; manage CTI intake and operationalize intel.
– Run continuous improvement to reduce false positives and raise signal quality.
– Establish crisp procedures for alert triage, escalation, and incident handling & investigation.
– Lead incident communications with stakeholders and ensure thorough documentation.
• Engineering & enablement:
– Contribute to security tooling, automation, and integrations that speed up detection/response.
– Produce guidance and documentation for product/infra teams; contribute to compliance in the SOC perimeter.
• Exercises & assurance:
– Coordinate red/blue exercises, post-mortems, and targeted audits to validate coverage and resilience.
Requirements
• 8+ years of experience leading SOC/CSIRT functions, with proven leadership.
• Hands-on with SIEM (e.g., Elastic Security, Sekoia, Splunk) and SOAR platforms.
• Strong experience in vulnerability management (e.g., DefectDojo, Dependency-Track) and remediation workflows.
• Solid grasp of the cyber kill chain / attack lifecycle, detection engineering, and log source coverage.
• Excellent problem-solving and communication skills; able to operate in a fast-paced startup environment.
• Builder mindset: pragmatic, automation-oriented, comfortable with ambiguity and ownership.
Nice to have
• Bring scripting/automation skills (e.g., Python, Bash) for data pipelines/playbooks.
• Know modern infra/app stacks (Linux, containers, Kubernetes, cloud), EDR/IDS/IPS.
• Have exposure to compliance frameworks (ISO 27001, SOC 2) and security audits/pen-tests.
• Have run purple team exercises and measurable detection-coverage programs.
• Are comfortable partnering with Product/Platform teams and influencing roadmaps.
XML job scraping automation by YubHub
