SOC Lead
Company | ID.me
---|---
Location | McLean, VA, USA; Mountain View, CA, USA
Salary | $159,166 – $201,287
Type | Full-Time
Degrees |
Experience Level | Senior, Expert or higher
Requirements
- 8+ years of experience in information security, with extensive hands-on experience in incident response, threat hunting, and forensic analysis.
- 2+ years of demonstrated experience in a lead SOC role and responding to sophisticated threats.
- 4+ years of experience detecting, analyzing, and mitigating complex threats and incidents, utilizing advanced security tools (DLP, SIEM, IDS/IPS, EDR and firewalls).
Responsibilities
- Lead technical initiatives, including advanced host- and network-based forensic collection and analysis, to ensure effective containment, eradication, recovery, and post-incident evaluation.
- Oversee the detection, analysis, and mitigation of complex insider threats and incidents, utilizing advanced security tools such as DLP, SIEM (e.g., Chronicle, Splunk), IDS/IPS, EDR, and firewalls.
- Conduct proactive threat hunting, identifying and responding to Indicators of Compromise (IOCs) and Advanced Persistent Threat (APT) tactics, techniques, and procedures (TTPs).
- Develop and refine threat detection signatures, analytics, and correlation rules to enhance our security posture and improve detection capabilities.
- Lead projects related to security monitoring, incident response, and SOC process improvement, ensuring alignment with best practices and emerging threats.
- Mentor and provide technical guidance to junior SOC analysts, fostering a culture of continuous learning and professional development within the team.
- Collaborate closely with Tier 2 and 3 staff and other cross-functional teams to ensure seamless detection, classification, and reporting of security incidents, adhering to and enhancing Standard Operating Procedures (SOPs).
- Stay abreast of the latest cybersecurity trends, tools, and technologies, driving the adoption of new solutions and methodologies to strengthen our incident response capabilities.
Preferred Qualifications
- Comprehensive understanding of email security, network monitoring, data loss prevention (DLP), OS forensics, and other key security domains.
- Advanced expertise in using and optimizing SIEM tools (Chronicle, Splunk) and other security technologies for high-level threat detection and incident response.
- In-depth knowledge of cloud environments, including AWS, GCP, and/or Azure, with a strong focus on securing cloud infrastructures.
- Proven track record in developing insider threat detection strategies, writing detection signatures, and enhancing SOC processes.
- Strong experience in threat intelligence, with the ability to translate adversary tactics and techniques into actionable detection and mitigation strategies.
- Proficiency in leading forensic investigations across multiple operating systems, including Linux, macOS, and Windows.
- Demonstrated proficiency in scripting languages (Python, bash, Go, PowerShell) and process automation.
- Mature soft skills, including collaboration, communication, teamwork, and adaptability.
- Advanced industry certifications, such as GCIA, GCIH, GCFA, CISSP, or equivalent.
- Experience leading efforts to combat fraud, particularly in high-risk environments.
- Prior experience in developing and implementing SOC SOPs and contributing to SOC maturity assessments.