Security Operations Lead (SecOps)

• Bachelor’s degree in Computer Science, Cybersecurity, or equivalent professional experience. • Proven experience scaling a SOC through automation and AI — SOAR, hyperautomation, LLM-assisted triage, agentic workflows, or ML-driven detection — with measurable impact on MTTR, coverage, or analyst leverage. • Hands-on experience structuring a SOC, either building one from the ground up or maturing one through significant transformation — SIEM selection, implementation or migration, detection engineering practice, runbook libraries, on-call rotations, and operating metrics. • Deep SIEM expertise (Splunk, Sentinel, Chronicle, Elastic, or similar) — ingestion architecture, detection-as-code, query optimization, and coverage-versus-cost tradeoffs. • Prior experience as the technical lead of a SOC or CSIRT team — owning the full incident response lifecycle, mentoring analysts and engineers, and acting as on-call/incident commander during major incidents. • Strong incident response track record — leading high-severity investigations, root cause analysis, digital forensics, and post-incident reviews that produced durable improvements. • Solid experience in cloud environments (AWS and/or GCP), with strong understanding of cloud-native threats and controls. • Strong scripting and development skills (Python, Go, Bash, or similar) for building automation, integrations, and internal tooling. • Working knowledge of EDR/XDR, identity, and network detection telemetry, and how to combine signals into high-fidelity detections. • Fluency with security frameworks and standards (NIST 800-61, CIS Controls, MITRE ATT&CK, ISO 27001) and the judgment to apply them pragmatically. • Background in threat modeling, adversary emulation, and risk-based alert tuning. • Excellent communicator — able to brief executives during a Sev1, write a clear post-mortem, and translate technical risk into business language for non-technical audiences. • Proven track record of leading cross-functional efforts in high-pressure situations and fostering collaboration across InfoSec, IT, and engineering. • Forensics experience, investigating incidents and preserving digital evidence.