The RoleThe SOC Team Lead role serves as the technical and operational management head of a portion of the NuHarbor Security Analyst team. The Team Lead reports directly to the Security Operations Manager and is accountable to ensure that the Analyst team operates effectively, professionally, in a timely manner and in the best interest of NuHarbor Security and our clients.
What you'll do
- Lives by the NuHarbor corporate values: Help Clients Win, Always Improve, Protect the House.
- Are responsible and accountable for analyzing security alerts, events, and trends to effectively communicate the value of NuHarbor services.
- Conduct investigations independently and provide actionable, context-relevant escalations and recommendations to clients.
- Support the Security Analyst team with alert triage, classification, disposition, and escalation within SLA requirements.
- Serve as the primary technical escalation point for complex or high-severity security incidents. Guide the investigation and response efforts to ensure timely and effective remediation.
- Perform regular quality assurance checks on analysts' work, including alert triage, investigation notes, and incident reports, to ensure accuracy, thoroughness, and adherence to established procedures.
- Provide constructive, real-time feedback to analysts on their technical work and help them develop their skills in areas like forensics, malware analysis, and threat hunting.
- Contribute to the development, documentation, and refinement of SOC processes, standard operating procedures (SOPs), and incident response playbooks.
- Lead and participate in proactive threat hunting activities and assist in the analysis of emerging threats, vulnerabilities, and security trends.
- Develop, implement, and improve documentation and operational processes.
- Train, mentor, and support junior analysts autonomously.
- Perform threat hunting in client environments.
- Develop automation playbooks to reduce alert volume and increase alert fidelity.
- Develop and tune detections to support NuHarbor Detection Engineering Strategy.
- Develop recommendations and enhancements to mature a client's cybersecurity program.
- Demonstrate a team-first mindset and proactively support operations without direct leader assignment.
- Communicate effectively with leadership regarding escalations or advanced threats that require additional after-hour support.
- Perform 1 on 1 meetings with SOC analysts.
Your foundation. The requirements for this role:
- Bachelor's Degree in a related field and five (5) or more years in Information Technology.
- In lieu of a degree, two (2) years of experience in a related technology field and relevant industry certifications are required.
- Demonstrated experience with SOC operations, executing security event triaging and tuning.
- Demonstrated experience writing runbooks and support procedures.
- Demonstrated experience as a technical lead for security operations.
- Strong understanding of Incident Response phases and demonstrated experience responding to security incidents.
- Demonstrated experience with security event triaging and threat hunting executed through both a SIEM and EDR toolset.
- Demonstrated experience with Endpoint Detection and Response (EDR) or Security Orchestration Automation and Response solutions.
- Splunk Enterprise Security
- Demonstrated experience with scripting in industry standard languages in a manner that supports automation solutions.
- Demonstrated experience communicating and presenting to executive level client stakeholders.
- Excellent written and verbal communication skills.
- Previous experience in technical support or security-focused role.
- Must be authorized to work within the United States.
Additional capabilities that will differentiate you for this role:
- Bachelor's Degree and seven (7) or more years in the Information Technology field.
- Holds at least two relevant industry certifications (GCFA, GCIH, CEH, CISSP, etc.)
- Technical writing and reporting experience.
- Experience executing initial triaging and response through a SOAR platform.
- Experience with multiple operating systems (Linux, MacOS, Windows), their command lines, processes, and file systems.
- Experience with memory and storage forensics.
- Experience with static and dynamic malware analysis.
- Experience providing recommendations to harden existing security controls.
- Experience identifying gaps within security control architecture.
- Talent for communicating complex topics in an easily digestible manner.
- Experience with data science techniques (clustering, anomaly detection, data normalization, etc.)
- General systems administrator experience.
- Experience working with State and Local Government.
- Experience working in multiple cybersecurity disciplines (i.e. RedSec, Threat, Information Assurance, Engineering, etc.)
Base Salary for this role is targeted at $130,000 - $150,000 annually. Additionally, this role is eligible for the company bonus plan at a 10% target.
The RewardsWhat you can expect:
- The engagement and support of company leadership who recognize the challenge of marketing a complex cybersecurity service in a chaotic market.
- An organization that recognizes and rewards employee commitment and contribution to our customers' satisfaction and success
- Growth in your career and capabilities as you help to chart a path to improving customer interactivity and service adoption.
- A collaborative and driven working environment in a rapidly growing company and market
- A fun and social working environment where you are encouraged to be your true self.
You can also expect competitive salary and benefits, including paid time to give back in your community and generous PTO.
We are purpose driven. We, as an organization, above anything else protect the house first and then help our customers win. If this sounds like the kind of organization you'd like to be a part of, we'd like to hear from you.
