SOC Team Lead


BlueVoyant

πŸ“Remote - Worldwide

Summary

Join BlueVoyant as a SOC Team Lead and help global customers manage their IT security. As a technical expert and defensive strategist, you will guide analysts through active intrusions, help clients act on findings, and build a culture of client-first detection and response.

Requirements

  • Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
  • Able and willing to work in a 24/7/365 environment, including nights and weekends, on a rotating shift schedule
  • Experience managing technical individual contributors, including providing feedback, monitoring quality, and prioritizing work
  • Strong customer communications skills, including articulating complex or urgent technical data and scenarios to non-technical audiences
  • Ability to handle high pressure situations in a productive and professional manner
  • Knowledge of and experience with intrusion detection/prevention systems and SIEM software
  • Advanced knowledge and understanding of network protocols and devices
  • Advanced experience with macOS, Windows, and Unix/Linux systems
  • Ability to analyze event logs and recognize signs of cyber intrusions/attacks
  • Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
  • Familiarity with tools such as malware sandboxes, Microsoft Sentinel, Splunk, and EDR solutions
  • Strong knowledge of the following:
      • Enterprise cloud platforms (Azure, GCP, AWS)
      • Modern authentication systems and attacks against them (SSO, OAuth, Microsoft Entra, etc.)
      • SIEM workflows (preferably Sentinel and Splunk)
      • Packet analysis
      • Malware detection, including dynamic and light static analysis
      • Network monitoring metadata (web logs, firewall logs, WAF/IDS)
      • Email security and common business email compromise (BEC) attacks
      • Vulnerability identification and correlation to attacker behavior

Responsibilities

  • As team lead, the team's success relies on your expertise to spot and respond to attacks before adversaries gain a foothold
  • Directly supervise analysts on your shift: mentorship, workflow assistance, quality and performance reviews, and excellent customer service
  • Manage analyst workload and workflows while acting as the escalation point for your team
  • Communicate with BlueVoyant clients throughout incident escalations and service delivery questions or concerns
  • Supervise operations in deterring, identifying, monitoring, investigating, and analyzing attacks
  • Support analyst alert triage, confirm that appropriate escalations occurred, and watch for patterns of alerts indicating a late-stage intrusion that requires incident response
  • Provide quality control and feedback for analyst investigations
  • Participate in the response, investigation, and resolution of security incidents
  • Ensure teams are aware of operating procedures and any changes or additions
  • Aid in keeping operational documentation up to date
  • Provide incident investigation, handling, and response, including incident documentation
  • Serve as the technical escalation point and mentor for your analyst team
  • Perform triage of incoming issues (assess the priority, determine risk)
  • Maintain a strong awareness of the current threat landscape

Preferred Qualifications

  • Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, penetration testing, or related areas
  • 5+ years of hands-on SOC/TOC/NOC experience
  • GIAC certification(s) strongly preferred; CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred
  • Familiarity with technologies such as Microsoft Sentinel, Splunk, the Microsoft Defender suite, CrowdStrike Falcon, and SentinelOne
  • Familiarity with Group Policy, Intune, Virtualization, and other IT Infrastructure tools
  • Understanding of and/or experience with one or more of the following programming languages: JavaScript, Python, Lua, Ruby, Go, Rust

This job is filled or no longer available