Team Lead, SOC (Security Operations Center)

About this role

We are looking for a SOC (Security Operations Center) Team Lead to build and lead our SOC function end-to-end. You will own vulnerability management, alerting and detection engineering, incident response, and the security tooling/infrastructure that enable these missions. You’ll define processes, collaborate closely with Product, Infra and IT, and continuously improve detection quality and response time.

Key responsibilities

• Lead & grow the team: Manage the SOC team, shape the roadmap, delegate effectively, and mentor engineers.

• Drive operations:
• Define vulnerability management processes and coordinate stakeholders for timely remediation.
• Design, implement, and operate SIEM/SOAR infrastructure (ingestion, normalization, correlation, alerting, playbooks).
• Specify logging requirements across our main stacks and centralize telemetry in the SIEM.
• Develop and tune correlation rules and detections; manage CTI intake and operationalize intel.
• Run continuous improvement to reduce false positives and raise signal quality.
• Establish crisp procedures for alert triage, escalation, and incident handling & investigation.
• Lead incident communications with stakeholders and ensure thorough documentation.

• Engineering & enablement:
• Contribute to security tooling, automation, and integrations that speed up detection/response.
• Produce guidance and documentation for product/infra teams; contribute to compliance in the SOC perimeter.

• Exercises & assurance:
• Coordinate red/blue exercises, post-mortems, and targeted audits to validate coverage and resilience.

Requirements

• 8+ years of experience leading SOC/CSIRT functions, with proven leadership.

• Hands-on with SIEM (e.g., Elastic Security, Sekoia, Splunk) and SOAR platforms.

• Strong experience in vulnerability management (e.g., DefectDojo, Dependency-Track) and remediation workflows.

• Solid grasp of the cyber kill chain / attack lifecycle, detection engineering, and log source coverage.

• Excellent problem-solving and communication skills; able to operate in a fast-paced startup environment.

• Builder mindset: pragmatic, automation-oriented, comfortable with ambiguity and ownership.

Nice to have

• Bring scripting/automation skills (e.g., Python, Bash) for data pipelines/playbooks.

• Know modern infra/app stacks (Linux, containers, Kubernetes, cloud), EDR/IDS/IPS.

• Have exposure to compliance frameworks (ISO 27001, SOC 2) and security audits/pen-tests.

• Have run purple team exercises and measurable detection-coverage programs.

• Are comfortable partnering with Product/Platform teams and influencing roadmaps.