Security Operations Lead

Candidates must be comfortable being onsite 5x a week. Responsibilities SOC modernization Work with the Director of Information Security to build and execute a SOC modernization roadmap Standardize SOC workflows: intake, triage, investigation, escalation/handoff, closure Improve case management quality: templates, evidence capture, consistent documentation, audit readiness Establish operational rhythms: queue health checks, weekly ops review, monthly metrics and outcomes, tabletop exercises & reviews AI SOC agents & workflow automation Implement AI-assisted SOC capabilities that support analysts, including: Alert clustering/deduplication and prioritization support Automated enrichment (asset/user context, baselines, threat intel, cloud context) Investigation copilots (timeline generation, query suggestions, correlation summaries) Draft case notes and executive-ready incident summaries with links back to source evidence Assist with defining guardrails for AI usage: human approval gates, scoped permissions, audit trails, redaction/data handling, and “no unsupported claims” standards Evaluate vendors and/or internal approaches; run pilots, measure results, and lead production rollouts Tooling & integration leadership Coordinate integrations across SIEM, EDR, SOAR, cloud telemetry, ticketing, and collaboration/on-call tooling Partner with Platform Engineering to improve telemetry pipelines (parsing, normalization, enrichment, retention) Define operational acceptance criteria for changes (signal quality, latency, reliability, access controls) Metrics & continuous improvement Partner with the Director of Information Security to drive SOC operational KPIs (e.g., time-to-triage, case aging, escalation completeness, automation coverage) Drive continuous improvement via regular reviews, quality sampling, and post-case learnings Identify recurring pain points and implement targeted fixes (playbooks, automation, training, data improvements) Enablement & collaboration Train and mentor analysts on standard workflows and effective use of AI-assisted tooling Improve cross-functional handoffs between SOC, Engineering, IT, and Platform teams Provide concise operational updates to the Director of Information Security and leadership stakeholders Required qualifications 5+ years in security operations / SOC engineering / incident response operations (or equivalent) Strong understanding of SOC workflows, incident lifecycle, and escalation/handoff patterns Experience with SIEM/EDR ecosystems and integrating security tooling via APIs/webhooks Demonstrated ability to drive operational change: playbooks, metrics, quality, training, adoption Strong written communication and stakeholder management Preferred qualifications Experience deploying AI-assisted SOC tooling (copilots/agents) with governance SOAR/automation experience with approval-gated actions and safe defaults Familiarity with WQL (Wazuh), SPL (Splunk) and/or KQL (Microsoft Sentinel) and light scripting (Python/Bash) Cloud and identity familiarity (AWS/Azure/GCP, SSO/MFA/IAM) What success looks like SOC workflows are consistent and measurable across analysts/shifts Alert noise is reduced, and investigations start with better context and faster handoffs AI-assisted tooling improves analyst throughput and documentation quality with strong guardrails Integrations and telemetry quality improvements materially reduce friction and case aging Leadership has clear metrics that show SOC operational uplift over time #J-18808-Ljbffr