SOC Second Shift Team Lead (Onsite)

Location:

Our Cyber Threat Response team (aka the SOC) rolls up into Keys broader Cyber Defense function within Corporate Information Security. Cyber Defenses mission is simple: We aim to Deter Detect Deny and Disrupt adversaries through proactive threat-centric defense.

Are you a seasoned cybersecurity professional with a passion for leading from the front lines of cyber defense Were seeking a dynamic and technically proficient Security Operations Center (SOC) Team Lead to oversee second-shift operations within our Cyber Threat Response team. In this crucial role youll lead daily SOC activities ensuring swift and effective triage of security events and incidents. Youll serve as a technical escalation point mentor and develop analysts and foster a high-performance culture rooted in accountability continuous improvement and operational excellence. This is an opportunity for a self-driven leader to make a tangible impact in a fast-paced mission-critical environment.

Key Responsibilities

• Lead and support SOC analysts during the second shift ensuring effective monitoring triage containment and response to security incidents.
• Coordinate incident response activities and ensure prompt documentation and resolution.
• Maintain and improve shift-specific SOC processes playbooks and standard operating procedures.
• Produce comprehensive incident reports with root cause analysis timelines and recommended corrective actions.
• Continuously improve SOC performance by tracking and reporting on key metrics such as mean time to detect (MTTD) mean time to respond (MTTR) and false positive rates. Use data to drive process optimization and analyst efficiency.
• Participate in tabletop and purple team exercises.
• Conduct proactive threat hunting and analysis to identify emerging threats and vulnerabilities.
• Providing detailed shift handover reports collaborating with other shift leads to ensure operational continuity.
• Serve as an escalation point mentor and develop SOC analysts raising the technical bar through case reviews scenario-based training and real-time guidance during critical events.
• Stay current with evolving threat landscapes and recommend improvements to tools processes and detection strategies. Understand threats across infrastructure application and cloud layers.
• Support Incident Response and Detection Engineering development activities.
• Ability to provide after-hours support as part of a monthly scheduled on-call rotation.
• Contribute to post-incident reviews and lessons learned helping improve detection logic containment actions playbooks and response strategy over time.

Required Qualifications

• Bachelors in Computer Science Cybersecurity or related fieldor equivalent experience
• 2 years in a SOC Incident Response or digital forensics role.
• Proficient with core security technologies including SIEM platforms EDR solutions packet capture tools and forensic analysis toolkits.
• Knowledge of MITRE ATT&CK and D3FEND frameworks network protocols malware behavior and adversary TTPs.
• Solid understanding of cloud service providers (AWS GCP Azure) and the unique security challenges they present in modern SOC environments.
• Deep awareness of evolving cyber threats with contextual understanding of risks specific to the financial services industry.
• Demonstrated ability to perform risk-based analysis and make sound decisions under pressure.
• Experience with scripting languages such as Python PowerShell Bash or similar languages.
• Proven incident response capabilities including threat analysis containment and root cause diagnosis.
• History of identifying and implementing process improvements that enhance SOC efficiency and effectiveness.
• Initiative-taker with strong initiative capable of working independently and managing competing priorities.
• Passionate about continuous learning and staying current with emerging technologies and threat landscapes.
• Experienced in mentoring and coaching team members with a focus on technical growth and professional development.

Preferred Certifications

• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Security Operations Certified (GSOC)
• GIAC Continuous Monitoring (GMON)
• GIAC Reverse Engineering Malware (GREM)
• CompTIA Cybersecurity Analyst (CySA)
• CompTIA Security (Sec)
• CompTIA Network (Net)

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $100000 to $130000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.