SOC Team Lead - Incident Response

The SOC Team Lead - Incident Response is a senior, customer facing leadership role responsible for overseeing day to day security monitoring, incident handling, and escalation processes across the Security Operations Center. This role provides technical leadership, manages escalated incidents, guides SOC Analysts I-III, drives process improvement, and ensures the SOC's incident response capabilities operate with accuracy, consistency, and speed. The Team Lead serves as the primary escalation point for complex security events and collaborates with the client's engineering, architecture, and operations teams to ensure effective detection, containment, and remediation of threats. The position requires strong incident response expertise, deep knowledge of threat actor TTPs, and the ability to make command decisions under pressure-consistent with SME level expectations.

Incident Response Leadership (50%)
• Lead escalated security incidents from identification through containment, eradication, and recovery, acting as the technical SME during active investigations.
• Own incident bridges and coordinate across Network, Compute, Client Operations, and external partners as required.
• Perform advanced analysis on alerts, logs, malware indicators, lateral movement patterns, and threat intelligence during IR engagements.
• Create and maintain incident timelines, evidence collections, and response documentation.
• Ensure all incidents follow established SLAs, communication plans, and reporting standards.
SOC Team Oversight & Mentorship (15%)
• Assign, coordinate, and check work performed by SOC Analysts; supervise contract resources as required
• Provide coaching and mentorship to junior and mid level analysts to strengthen triage quality, analytical depth, and playbook execution.
• Support onboarding of new SOC analysts, ensuring they are trained in IR procedures, tooling, and operational workflows.
Management Duties (10%)
• Conducts core people leadership activities, including performance reviews, goal setting, and supporting professional development for direct reports.
• Facilitates regular one on one meetings, team meetings, coaching sessions, and feedback conversations to ensure alignment and employee engagement.
• Oversees day to day team operations, ensuring workload balance, adherence to processes, and continuous improvement of team performance and capabilities.
Process Development & Documentation (10%)
• Drive development and continuous refinement of IR playbooks, runbooks, escalation matrices, evidence handling procedures, and communication templates.
• Develop and update technical procedures and guidelines to ensure a consistent SOC response posture.
• Partner with Security Engineering, Architecture, and Threat Intelligence teams to improve detection logic, tuning, and response automation.
Client & Stakeholder Communication (10%)
• Serve as the SOC's primary technical interface for IR related discussions with customer stakeholders, presenting findings to both technical and executive audiences.
• Participate in customer meetings, security reviews, and incident readouts; contribute to recommended improvements and risk mitigation strategies.
Security Operations Enhancement (5%)
• Assist in evaluating tools, detection technologies, and workflow enhancements to improve SOC performance.
• Participate in research, continuous learning, and improvement initiatives to maintain team alignment with emerging threats and best practices.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to View email address on click.appcast.io learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:


Required Skills & Experience
• 5+ years of experience in SOC operations
• Experience in threat detection, incident response and malware analysis
• Strong experience in CrowdStrike and Splunk
• Familiarity or experience in other tools such as Proofpoint, Zscaler, Cribl, Corelight, Akamai WAF, Open CTI and/ or SOAR
• Demonstrated leadership capability, including incident command experience or team lead responsibilities.
• Bachelor's Degree in Cybersecurity, Computer Science, or related field


Nice to Have Skills & Experience
• Relevant certifications desired:
o SANS/GIAC: GCIH, GCIA, GCFA, GCFE, GREM, GSEC
o Offensive Security: OSCP, OSWE
o ISC2 / ISACA: CISSP, CISM, CISA
o Other IR/SOC focused certifications


Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.