SOC Team Lead
Company Overview
Our client is a leading cybersecurity firm establishing a next‑generation Security Operations Center (SOC) to deliver world‑class monitoring, detection, and incident response capabilities. Built on advanced analytics, automation, and threat intelligence, this SOC is designed to serve as a central pillar of enterprise defense across diverse digital environments. The company is seeking exceptional security professionals to shape, lead, and evolve this capability into a benchmark for operational excellence and resilience.
Role: SOC Team Lead
Location: Abu Dhabi, UAE
We are seeking an experienced SOC Team Lead to manage daily operations within a 24/7 Security Operations Center. This role acts as the primary focal point for all SOC activities — ensuring seamless coordination between analysts, engineering teams, and senior leadership. The SOC Team Lead will drive operational performance, enhance detection and response capabilities, and ensure that the SOC functions as a highly reliable, intelligence‑driven defense unit.
Key Responsibilities
- Serve as the central coordination point for all SOC activities and report to Management
- Lead and supervise a team of SOC analysts (L1–L3) and engineers, ensuring 24/7 operational coverage
- Oversee daily monitoring, triage, and incident management workflows
- Act as the primary escalation point during major incidents and coordinate response actions
- Define, maintain, and continuously improve SOC playbooks, workflows, and escalation procedures
- Review and optimize SIEM correlation rules, dashboards, and alerts to enhance detection quality
- Track and report on SOC KPIs and metrics such as MTTD, MTTR, incident volume, and closure rates
- Collaborate with IT, cloud, and compliance teams to align detection and response with enterprise policies
- Ensure adherence to recognized security frameworks (MITRE ATT&CK, ISO 27001, NIST 800-61)
- Support strategic initiatives led by Management, including automation, maturity assessments, and technology upgrades
- Mentor and develop SOC analysts, fostering continuous learning and technical growth
- Represent the SOC in cross‑departmental meetings, incident reviews, and management briefings
Requirements
- 7+ years of experience in cybersecurity operations, with at least 3 years in a SOC leadership or senior analyst role
- Proven experience leading SOC teams and managing operational workflows
- Deep technical knowledge of SIEM, SOAR, and EDR platforms (Elastic, Splunk, Sentinel, Defender, CrowdStrike)
- Hands‑on experience with incident response, forensics, and detection engineering
- Strong understanding of threat frameworks, logging pipelines, and automation
- Excellent communication and stakeholder management skills
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field
- Preferred certifications: CISSP, CISM, GCIH, or equivalent
- Platforms: Elastic Stack, Splunk, Microsoft Sentinel, Defender, CrowdStrike
- Frameworks: MITRE ATT&CK, NIST 800-61, ISO 27001, CIS Controls
- Tools: SIEM, SOAR, EDR, IDS/IPS, threat intelligence platforms
- Processes: Incident triage, containment, threat hunting, root cause analysis
- Automation: Python, PowerShell scripting, and orchestration workflows
- Lead a next‑generation SOC within a rapidly evolving cybersecurity environment
- Influence SOC strategy, tooling, and future capability expansion
- Collaborate with a high‑performing technical and leadership team
- Access ongoing professional development and leadership opportunities
Our recruitment process is designed to evaluate both technical expertise and leadership ability. Shortlisted candidates will participate in an initial interview to discuss operational management experience, detection strategies, and leadership style. Subsequent stages may include scenario‑based assessments to evaluate situational awareness, decision‑making, and cultural alignment. Final candidates will have the opportunity to engage with the wider security leadership team to explore collaboration style, communication, and long‑term career progression.