SOC Lead

A leading financial services organization is seeking a Security Operations Center (SOC) Lead to oversee security monitoring, threat detection, and incident response across the enterprise. This role combines operational leadership with proactive security functions, including threat hunting, insider threat analysis, and the engineering of SOC-related security tools. The SOC Lead will also manage the relationship with the organization’s Managed Detection and Response (MDR) provider and guide improvements to the overall security posture.

This individual will join a collaborative Information Security team that values integrity, agility, partnership, and inclusivity, and will play a critical role in protecting the organization from evolving cyber threats.

• Oversee the performance, tuning, and troubleshooting of core security tools including EDR, MDR, email security gateways, and related systems.
• Maintain and enhance SOC detection capabilities, including the development of new monitoring use cases with MDR partners.
• Conduct proactive threat hunting across endpoints, networks, and cloud environments to identify indicators of compromise and advanced threats.
• Develop and execute hypothesis-driven hunts using threat intelligence, behavioral analytics, and anomaly detection.
• Lead and coordinate incident response efforts from identification through remediation.
• Perform insider threat analysis and related investigations.

• Research emerging threats, attack techniques, and adversary tactics, leveraging frameworks such as MITRE ATT&CK.
• Lead technical tabletop exercises involving business, risk, and technology teams.
• Communicate findings, risks, and recommendations to technical and non-technical stakeholders.
• Support ongoing improvements to SOC processes, tools, and proactive detection methods.

• Master’s degree in Cybersecurity, Computer Science, or a related field.
• 6–8+ years of experience designing, implementing, and operating security tools in complex, highly regulated environments.
• At least 2 years of direct experience in threat hunting or advanced detection roles.
• Hands‑on experience with SIEM platforms (e.g., Splunk, QRadar), EDR solutions (e.g., Crowd Strike, Sentinel One), and log analysis.
• Strong understanding of adversary TTPs and frameworks such as MITRE ATT&CK.
• Excellent analytical, communication, and problem‑solving skills.
• Strong interpersonal skills with the ability to collaborate across diverse teams.

• Experience in financial services or other highly regulated industries.
• Prior experience leading technical tabletop exercises.
• Ability to communicate clearly with both technical and business stakeholders.