Soc Team Lead

Summary

Join BlueVoyant as a Security Operations Center (SOC) Team Lead in Cork, Ireland! This hybrid role requires 2-3 days on-site, working a Panama shift schedule (rotating 12-hour shifts). You will lead and mentor a team of security analysts, ensuring efficient incident response and client service. As a technical expert, you'll guide analysts through active intrusions, prioritize analysis, and maintain a client-first approach. Responsibilities include managing analyst workload, communicating with clients, providing quality control, and participating in incident resolution. This position demands strong technical and interpersonal skills, experience managing technical teams, and advanced knowledge of network protocols and security tools.

Requirements

• Possess strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
• Be able and willing to work in a 24/7/365 environment, including nights and weekends, on a rotating shift schedule
• Have experience managing technical individual contributors, including providing feedback, monitoring quality, and prioritizing work
• Possess strong customer communications skills, including articulating complex or urgent technical data and scenarios to non-technical audiences
• Have the ability to handle high pressure situations in a productive and professional manner
• Have knowledge of and experience with intrusion detection/prevention systems and SIEM software
• Possess advanced knowledge and understanding of network protocols and devices
• Have advanced experience with Mac OS, Windows, and Unix systems
• Have the ability to analyze event logs and recognize signs of cyber intrusions/attacks
• Possess advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
• Have familiarity with tools such as Malware Sandboxes, Sentinel, Splunk, EDR solutions
• Possess strong knowledge of the following: Enterprise Cloud Solutions (Azure, GCP, AWS)
• Have knowledge of Modern authentication systems and attacks (SSO, OATH, Entra, etc.)
• Understand SIEM workflows (preferably Sentinel and Splunk)
• Understand Packet Analysis
• Understand Malware Detection, to include dynamic and light static analysis
• Understand Network Monitoring metadata (web logs, firewall logs, WAF/IDS)
• Understand Email Security and common business email compromise attacks
• Understand Vulnerability Identification and correlation to attacker behavior
• Have a minimum bachelor’s degree in Information Security, Computer Science, or other IT-related field or equivalent experience

Responsibilities

• As a team lead the success of the team relies on your expertise to spot and respond to attacks before adversaries gain a foothold
• Your visibility over incoming alerts allows you to spot trends, prioritize analysis work, and define the gold standard of analyst work
• Directly supervise analysts on your shift, providing mentorship, workflow assistance, quality and performance reviews, and provide excellent customer service
• Supervise and mentor Security Analysts during a standard working team/shift which includes scheduling, PTO, and working with peers to ensure adequate coverage
• Manage analyst workload and workflows while acting as an escalation point for your team
• Communicate with BlueVoyant clients throughout incident escalations and service delivery questions or concerns
• Supervise operations in deterring, identifying, monitoring, investigating, and analyzing attacks
• Support analyst alert triage to identify whether appropriate escalations occurred, and monitor for patterns indicating late-stage incident lifecycle alerts requiring incident response
• Provide quality control and feedback for analyst investigations
• Participate in the response, investigation, and resolution of security incidents
• Ensure teams are aware of operating procedures and any changes or additions
• Aid in keeping operational documentation up to date
• Provide incident investigation, handling, and response, including incident documentation
• Serve as the technical escalation point and mentor for your analyst team
• Perform triage of incoming issues (assess the priority, determine risk)
• Maintain a strong awareness of the current threat landscape

Preferred Qualifications

• Have experience in network/host vulnerability analysis, intrusion analysis, digital forensics, penetration testing, or related areas
• Have 5+ years of hands-on SOC/TOC/NOC experience
• Possess GIAC certification(s)
• Possess CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE certifications
• Have familiarity with technologies such as Sentinel, Splunk, Microsoft Defender suites, Crowdstrike Falcon, SentinelOne
• Have familiarity with Group Policy, Intune, Virtualization, and other IT Infrastructure tools
• Have understanding and/or experience with one or more of the following programming languages: JavaScript, Python, Lua, Ruby, GoLang, Rust