SOC Lead

- Lead proactive, hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments - Develop and maintain threat hunting playbooks aligned to MITRE ATT&CK techniques - Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls - Translate threat intelligence into actionable hunt hypotheses - Continuously refine detection logic based on hunt outcomes and emerging threats - Lead complex and high-severity security investigations from triage through containment and remediation - Act as the technical escalation point for advanced SOC investigations - Conduct root cause analysis and attacker kill-chain reconstruction - Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences - Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as required - Define investigation standards, workflows, and quality benchmarks - Mentor and upskill SOC analysts in hunting methodologies and investigative techniques - Review and improve alert fidelity, detection coverage, and response effectiveness - Provide technical oversight for tooling such as SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms - Collaborate with detection engineers to convert hunt findings into new or improved detections - Identify visibility gaps and recommend logging, telemetry, and tooling improvements - Validate detection performance through purple team activities and simulation - Consume and operationalise internal and external threat intelligence - Maintain awareness of attacker tactics, tools, and campaigns relevant to the organization - Act as a key interface between SOC, Threat Intel, Red Team, and Vulnerability Management - Track and report on hunt coverage, outcomes, dwell time, MTTR, and investigation quality - Provide regular insights to senior leadership on threat trends and risk posture