Technical Soc Lead

Summary

Join Picus Security, a leading security validation company, as a Technical SOC & SecOps Lead. You will play a pivotal role in securing our customer data, cloud assets, and endpoint security, primarily in macOS environments. Lead both SOC and SecOps domains, ensuring strong alignment between threat detection, incident response, and security tool operations. Develop and refine cloud-focused threat detection strategies and own incident response strategy and playbooks. This role requires a deep technical background in threat detection, security monitoring, cloud security, and security tooling. You will mentor and develop SOC and SecOps engineers, fostering a culture of security excellence and continuous learning.

Requirements

• 2+ years of experience in SOC, SecOps, or security engineering leadership roles
• Strong expertise in cloud security, particularly in cloud security services and configurations
• Hands-on experience with SIEM, EDR/XDR, and security automation (SOAR) tools
• Expertise in threat detection engineering and incident response methodologies
• Experience securing SaaS applications and cloud-native architectures
• Strong knowledge of zero-trust security, IAM best practices, and endpoint security for macOS environments
• Proficiency in Python, Bash, or PowerShell for automation and security tooling improvements
• Familiarity with MITRE ATT&CK framework, threat intelligence services, and adversary simulation tools
• Experience in SOC metrics and KPI tracking (MTTD, MTTR, false positive rates, tool uptime, etc.)
• Knowledge of security and compliance frameworks such as ISO 27001, AICPA SOC 2, GDPR, and NIST CSF
• A strong problem-solving and agile mindset, with the ability to balance security priorities with business objectives
• Excellent communication skills to engage with executive stakeholders, IT teams, and internal/external auditors

Responsibilities

• Lead both SOC and SecOps domains, ensuring strong alignment between threat detection, incident response, and security tool operations
• Develop and refine cloud-focused threat detection strategies, ensuring cloud security best practices are implemented across SIEM, EDR, and XDR solutions
• Own incident response strategy and playbooks, ensuring fast and efficient detection, containment, and remediation of threats
• Oversee cloud security services to harden our cloud security posture
• Optimize security tools such as EDR/EPP, SIEM, VPN, Email Security, Network Security, DNS Security, IAM
• Implement security automation and orchestration (SOAR) to improve incident response efficiency
• Ensure zero-trust security principles are applied to identity management (IAM), endpoint security (macOS), and SaaS security configurations
• Conduct continuous security validation (CTEM) to proactively test and enhance detection and response capabilities
• Work closely with DevOps, IT, and engineering teams to integrate security into the development and deployment lifecycle
• Act as the primary escalation point for high-severity security incidents
• Track and improve SOC performance metrics (MTTD, MTTR, dwell time) and SecOps KPIs related to tool uptime and efficiency
• Ensure compliance with ISO 27001, AICPA SOC 2, and other industry security frameworks relevant to SaaS-based organizations
• Mentor and develop SOC and SecOps engineers, fostering a culture of security excellence and continuous learning

Benefits

• Fascinating work - a chance to shape and lead an exciting, fast-growing cyber security segment
• Unlimited opportunity! We are growing. At Picus, you'll be provided with as much responsibility as you can handle - new career development opportunities constantly arise given our rate of growth
• Global exposure - Get a lot of experience working not only in a fast-growing startup but also interact with customers all around the world
• Be part of a global remote team who is taking on Exposure Validation and a growing market segment