Brains Valley Co. · Riyadh
Full-time
Riyadh
Apr 08, 2026
Job Title: SOC Team Lead – Saudi National
Department: Managed Security Services - Security Operations Center (SOC)
Reports To: Cybersecurity Operations Manager

**Purpose**

The SOC Team Lead is responsible for leading and supervising Security Operations Center activities within a managed security services environment, ensuring the effective delivery of monitoring, detection, analysis, escalation, incident response coordination, and reporting services to clients. The role is accountable for maintaining operational excellence, ensuring compliance with contractual, regulatory, and internal requirements, and supporting the organization's managed SOC service objectives in alignment with applicable NCA cybersecurity requirements.

Responsibilities

1. SOC Service Operations
· Lead day-to-day SOC operations to ensure the effective delivery of managed security monitoring and incident handling services to clients.
· Supervise SOC analysts and senior analysts, including shift management, workload distribution, queue monitoring, and quality assurance.
· Ensure timely triage, investigation, escalation, and closure of security alerts, events, and incidents in accordance with defined service levels and internal procedures.
· Maintain SOC runbooks, operational procedures, escalation matrices, and client-specific response playbooks.
· Support the continuous improvement of SOC processes, workflows, service quality, and operational efficiency.

2. Security Monitoring and Detection Management
· Oversee the effective operation of security monitoring technologies, including SIEM, SOAR, EDR/XDR, threat intelligence platforms, and log management solutions.
· Ensure the onboarding, integration, and health monitoring of client log sources, security controls, and telemetry feeds.
· Review and optimize correlation rules, alert logic, and detection use cases to enhance visibility and reduce false positives.
· Ensure monitoring coverage is aligned with client requirements, service scope, and applicable regulatory obligations.
· Validate log quality, retention, integrity, time synchronization, and access controls across monitored environments.

3. Incident Response and Escalation Management
· Lead the coordination of security incident handling activities from detection through analysis, containment, eradication, recovery, and post-incident review.
· Ensure incidents are classified, prioritized, documented, and escalated appropriately based on severity, business impact, and contractual obligations.
· Coordinate with internal teams, client stakeholders, and third parties during major incidents and service escalations.
· Support incident communications, reporting, and service notifications in line with internal standards and client requirements.
· Ensure evidence handling and documentation are maintained in accordance with investigation and compliance requirements.

4. Threat Intelligence and Threat Hunting
· Support the collection, review, and operationalization of threat intelligence to improve detection and response capability.
· Ensure intelligence outputs are translated into actionable use cases, watchlists, alerts, and response measures.
· Lead or support proactive threat hunting activities based on threat trends, indicators of compromise, and attacker tactics, techniques, and procedures.
· Contribute to the development of intelligence-driven detection and service enhancement initiatives.

5. Client Service and Stakeholder Management
· Act as the operational focal point for assigned clients on SOC service delivery matters.
· Support client communications related to service performance, major incidents, escalations, and reporting.
· Ensure client requirements, contractual obligations, and service expectations are understood and reflected in daily SOC operations.
· Contribute to service review meetings, operational reporting, and client satisfaction initiatives.
· Coordinate with internal support teams to address service gaps, operational issues, and improvement opportunities.

6. Team Leadership and Capability Development
· Lead, coach, and mentor SOC personnel to maintain a high-performing and service-oriented team environment.
· Set performance expectations and support ongoing development through feedback, coaching, and training recommendations.
· Conduct regular shift reviews, case quality reviews, and performance follow-up activities.
· Identify capability gaps and support knowledge development across monitoring, investigation, and response functions.
· Promote a culture of professionalism, accountability, collaboration, and continuous improvement.
· Ensure SOC operations are conducted in accordance with internal policies, service standards, contractual obligations, and applicable regulatory requirements.
· Prepare operational dashboards and management reports covering service levels, incident statistics, alert volumes, response times, and performance trends.
· Support internal and external audits, compliance reviews, tabletop exercises, and evidence collection activities.
· Ensure SOC documentation is current, approved, and periodically reviewed.
· Track remediation actions, service improvements, and control gaps identified through operations, audits, and incident reviews.

Qualifications and Experience
· Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.
· Minimum of 3 years of relevant cybersecurity experience, including at least 2 years in SOC operations, incident response, or security monitoring leadership.
· Proven experience in a Managed Security Service Provider (MSSP) or managed SOC services environment.
· Strong experience in security monitoring, incident handling, escalation management, and SOC service delivery.
· Good understanding of cybersecurity operations, threat management, and client-facing service environments.
· Knowledge of Saudi cybersecurity regulatory requirements, particularly NCA requirements relevant to security monitoring and incident management.
· Strong communication and reporting skills in English; Arabic is preferred.

Preferred Certifications
· CISSP, CISM, GCIH, GCIA, GCFA
· ITIL Foundation or equivalent service management certification
· Relevant SIEM, SOAR, or vendor-specific security operations certifications are an advantage

Technical Skills
· SIEM administration, content tuning, use case development, and alert tuning
· Incident handling, escalation management, and threat intelligence operationalization
· Log source integration, event correlation, and raw log file analysis
· Endpoint, network, email, identity, and cloud security monitoring
· Reporting, metrics, and SOC operational governance
· Familiarity with DFIR processes, evidence handling, and malware investigations
· Experience with scripting and automation using Python or PowerShell to improve SOC efficiency
· Experience working in a Managed Security Service Provider (MSSP) environment
· Experience with SOAR platforms and security automation workflows
· Knowledge of incident response standards and frameworks such as NIST SP 800-61 and SANS PICERL
· Experience with network security tools, network traffic analyzers, firewall logs, network flows, IDS/IPS, system logs, memory dumps, and vulnerability management tools
· Experience with SIEM platforms, especially Splunk, QRadar, Wazuh, and other enterprise or open-source equivalents
· Previous experience in incident response and threat hunting

Core Competencies
· Leadership and people management
· Client service orientation
· Sound judgment and decision-making under pressure
· Incident communication and stakeholder coordination
· Analytical thinking and problem-solving
· Planning, prioritization, and operational discipline
· Quality focus and attention to detail
· Strong documentation and reporting skills

Key Performance Indicators
· Mean Time to Detect (MTTD)
· Mean Time to Respond / Contain (MTTR)
· SLA compliance for alert triage and incident escalation
· Incident handling quality and reporting accuracy
· Detection use case effectiveness and tuning efficiency
· Reduction in false positive rates
· Log source onboarding and monitoring coverage progress
· Client service quality and operational satisfaction
· Audit and compliance readiness
· Team productivity and capability development