Security Operations Lead (SOC Modernization & AI Enablement)
Overview: A rapidly growing technology-driven organization is seeking a Security Operations Lead to modernize and optimize its Security Operations Center (SOC). This role focuses on improving operational workflows, implementing automation, and introducing AI-assisted capabilities to enhance detection, investigation, and response.
This is a highly cross-functional role partnering with Engineering, Platform, and Security leadership to deliver scalable, secure, and high-quality security outcomes.
Key Responsibilities:
SOC Modernization & Operations:
- Design and execute a SOC modernization roadmap, including workflow standardization and process improvements
- Establish consistent processes across intake, triage, investigation, escalation, and closure
- Improve case management quality, documentation standards, and audit readiness
- Define operational rhythms including queue health checks, reporting, and post-incident reviews
AI Enablement & Automation:
- Implement AI-assisted capabilities to improve alert triage, investigation, and case documentation
- Enable automation for enrichment, prioritization, and response workflows
- Define governance and guardrails (approval workflows, audit trails, data handling standards)
- Evaluate vendors and/or internal solutions and lead pilot programs through production deployment
Tooling & Integration:
- Lead integrations across SIEM, EDR, SOAR, cloud telemetry, and collaboration tools
- Partner with engineering teams to improve telemetry pipelines, normalization, and enrichment
- Define operational acceptance criteria for tooling changes (reliability, latency, security)
Metrics & Continuous Improvement:
- Develop and track key SOC performance metrics (e.g., time-to-triage, case aging, escalation quality)
- Lead continuous improvement through quality reviews, post-incident analysis, and KPI tracking
- Identify inefficiencies and implement targeted improvements via automation and process optimization
Collaboration & Enablement:
- Train and mentor analysts on workflows, tools, and best practices
- Improve coordination across Security, Engineering, IT, and Platform teams
- Provide concise, actionable updates to leadership stakeholders
Required Qualifications:
- 5+ years of experience in security operations, SOC engineering, or incident response
- Strong understanding of SOC workflows and incident lifecycle management
- Experience with SIEM, EDR, and security tooling integrations
- Proven ability to drive operational improvements (processes, playbooks, automation)
- Strong communication and stakeholder management skills
Preferred Qualifications:
- Experience with AI-assisted SOC tooling or automation platforms
- Experience implementing SOAR or workflow automation solutions
- Familiarity with query languages (KQL, SPL, WQL)
- Scripting experience (Python or Bash)
- Exposure to cloud environments (AWS, Azure, GCP)
What Success Looks Like:
- Standardized and measurable SOC workflows across teams
- Reduced alert fatigue and improved investigation efficiency
- Successful adoption of AI-assisted tools with appropriate governance
- Improved integration and data quality across security tooling
- Clear metrics demonstrating continuous operational improvement
Compensation & Benefits:
- Base Salary: $160,000-$180,000 annually
- No bonus structure associated with this role
- Benefits: medical, dental, and vision insurance available
Work Environment:
- Collaborative, cross-functional environment working closely with security and engineering teams
- Fast-paced, continuous improvement-driven organization
- Hybrid or onsite expectations may vary based on location