SOC Team Leader

Job in Riyadh, Riyadh Region, Saudi Arabia
Listing for: NICE ONE | نايس ون
Full Time position
Listed on 2026-01-24
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, IT Support
Salary/Wage Range or Industry Benchmark: 150000 - 200000 SAR Yearly
Job Description & How to Apply Below

Join Nice one as a SOC Team Leader. In this security-focused role you will lead the Security Operations Center (SOC) team to detect, investigate, and respond to cybersecurity incidents while improving monitoring, processes, and tool effectiveness. The role emphasizes operational leadership, incident management, threat hunting and intelligence, cross-functional coordination with IT and risk teams, and continuous improvement to reduce risk, improve detection, and ensure timely, compliant incident handling.

Key Responsibilities
  • Lead, mentor, and develop a team of SOC analysts across shifts, ensuring coverage, capability growth, and consistent application of playbooks and detection procedures.
  • Oversee day-to-day SOC operations including monitoring alerts, triage, investigation, escalation, and incident response in accordance with defined SLAs and incident classification.
  • Manage and coordinate response to security incidents, including containment, eradication, recovery activities, root cause analysis, and post-incident reporting and remediation tracking.
  • Maintain and improve SOC detection capabilities by tuning SIEM rules, integrating telemetry sources, validating alerts, and optimizing use of EDR, network detection, cloud security, and threat intelligence tools.
  • Drive proactive threat hunting and use threat intelligence to identify emerging risks, attacker behaviors, and gaps in coverage; translate findings into detection and prevention improvements.
  • Develop, update, and enforce SOC processes, runbooks, escalation paths, and playbooks to ensure repeatable, auditable incident handling and continuous improvement.
  • Coordinate with IT, engineering, risk, compliance, and business teams to communicate incidents, support investigations, and implement mitigation and remediation actions.
  • Produce timely and actionable operational and executive reports on SOC performance, metrics (MTTR, MTTD, alert volumes, false positive rates), and incident trends to stakeholders.
  • Manage vendor relationships and integrations for managed detection and response (MDR), threat intelligence, and security tooling; evaluate and onboard solutions to improve SOC effectiveness.
  • Ensure SOC operations comply with applicable policies, regulatory requirements, and internal security standards; participate in audits and readiness activities when required.

Required Qualifications
  • Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent practical experience.
  • 5+ years of experience in security operations, incident response, or a related cybersecurity role, with at least 2 years in a supervisory or team lead capacity.
  • Hands-on experience with SIEM (e.g., Splunk, Elastic, QRadar), EDR platforms, network detection tools, and common security telemetry sources.
  • Strong incident response, digital forensics, and threat-hunting skills with familiarity across on-premises, cloud (AWS/Azure/GCP), and hybrid environments.
  • Professional certifications such as GCIA, GCIH, CISSP, CISM, or equivalent are preferred.
  • Professional proficiency in English is required; proficiency in Arabic is a plus depending on location.
  • Legal right to work in the hiring country and availability to support rotating shifts, on-call duties, and incident response outside business hours as needed.

Required Skills
  • Strong leadership and people-management skills with the ability to coach analysts, manage performance, and foster a collaborative, learning-focused team culture.
  • Excellent analytical and problem-solving skills with the ability to prioritize under pressure and make timely, evidence-based decisions during incidents.
  • Solid technical knowledge of common attack techniques, log sources, networking, operating systems, and cloud services to guide investigations and tune detections.
  • Effective communication skills to translate technical findings into clear recommendations for technical and non-technical stakeholders, and to prepare executive summaries.
  • Process-oriented mindset with attention to detail for maintaining runbooks, documentation, and SOC metrics; experience improving operational workflows and automation.
  • Ability to work collaboratively across a matrixed organization and adapt to changing priorities in a fast-paced security environment.

Nice one is committed to creating an inclusive workplace. We welcome applications from all qualified candidates and will provide reasonable accommodations during the recruitment process upon request.
