Security Operations Center Lead

Role

Title:

Security Operations Center (SOC) & Incident Response (IR) Lead

Location:

Costa Rica, Poland & Mexico

Key Responsibilities
1. SOC Operations Leadership
Lead day‑to‑day  Tier‑1 and Tier‑2 SOC operations  across shifts and locations, ensuring consistent execution of monitoring, triage, investigation, and escalation.
Enforce  playbook adherence, severity calibration, and investigation quality standards  across all SOC analysts.
Own  shift governance , including handovers, coverage planning, and operational readiness.

2. Incident Response Leadership
Act as the  Incident Commander  for major and high‑severity security incidents.
Coordinate  cross‑functional response  involving SOC analysts, IT operations, cloud teams, OT/manufacturing teams, and customer stakeholders.
Ensure containment and remediation actions are  risk‑aware , avoiding unintended business or production impact.
Drive  clear, timely communication  during incidents, including executive updates and stakeholder briefings.

3. Escalation, Governance & Decision Support
Own the  SOC escalation framework , ensuring correct decision‑making paths to Tier‑3, security leadership, and business stakeholders.
Provide  decision support to CISO / Security Leadership , including impact assessment, response options, and risk trade‑offs.
Ensure incidents are managed in line with  defined SLAs, KPIs, and regulatory expectations .

4. Quality Assurance & Continuous Improvement
Conduct  post‑incident reviews (PIRs) , root‑cause analysis, and lessons‑learned sessions.
Identify and drive improvements in:
Detection quality
Noise reduction
Repeat incident elimination
Playbook effectiveness
Work closely with SOC engineering / automation teams to  operationalize improvements .

5. Audit‑Ready Documentation & Compliance
Ensure all incidents have  complete, defensible documentation , including timelines, decisions, actions, and evidence.
Support  internal audits, customer audits, and regulatory reviews  with accurate SOC records and reporting.
Enforce secure handling of sensitive data, credentials, and forensic artifacts.

6. Team Leadership & Capability Development
Mentor and guide Tier‑1 and Tier‑2 SOC analysts on investigation techniques, incident handling, and escalation judgment.
Identify skill gaps and coordinate  training, simulations, and tabletop exercises .
Foster a culture of  accountability, calm execution, and continuous learning  within the SOC.
Key Skills & Competencies
Technical & Operational
Strong hands‑on understanding of  SOC operations, SIEM‑driven monitoring, and incident response workflows .
Experience leading investigations across  endpoint, network, cloud, application, and (where applicable) OT environments .
Solid knowledge of  incident response frameworks  (e.g., NIST‑aligned practices).
Familiarity with  playbook‑driven response and SOAR‑assisted automation  (decision‑led, not tool‑led).
Leadership & Communication
Proven ability to  lead under pressure  during high‑impact incidents.
Clear, concise communication with  technical teams and executive stakeholders .
Strong judgment in balancing  speed, safety, and business impact .
Experience & Qualifications
10–14+ years  in cybersecurity operations, with  direct SOC and IR leadership experience .
Prior role as  SOC Lead, IR Lead, SOC Manager, or equivalent  in an enterprise or MSSP environment.
Experience operating  24×7 global SOCs  and managing major security incidents.
Relevant certifications preferred (e.g., CISSP, CISM, GCIH, GCED), but  operational leadership experience is primary .