SOC Manager
Job Summary
About Mobiz
Mobiz is a global technology services leader Microsoft-aligned managed services and cloud solutions provider empowering mid-market and enterprise organizations across North America and the Middle East. We deliver end-to-end IT operations Modern Work and Security Data and AI cybersecurity infrastructure and digital transformation servicesdriving resilience innovation and measurable business impact at scale.
With a Solutions Partner designation and active pursuit of Azure Expert MSP status Mobiz combines the agility of a boutique consultancy with the delivery rigor of a tier-1 NOC and SOC teams operate as the always-on backbone of client environments monitoring thousands of endpoints network nodes and cloud workloads around the clock.
What Can You Expect
Every day at Mobiz we work with a deep sense of purpose. We continuously innovate. Our mission is to empower our clients to do more through transformation. Youll work in a collaborative environment alongside highly talented people that improve client operations and exceed expectations. We strive to simplify technology challenges and no less.
Who Are We Looking For
The SOC Manager leads Mobizs Security Operations Center owning the end-to-end detection analysis and response capability that protects client environments across cloud network identity and endpoint attack surfaces. Reporting to the Director of Engineering this role is accountable for analyst team performance detection engineering quality threat intelligence operationalization and client-facing security reporting. The SOC Manager operates at the intersection of technical depth and operational leadership capable of reviewing a SIEM detection rule in the morning leading a ransomware containment call at noon and presenting a security posture briefing to a client CISO in the afternoon. The ideal candidate brings proven hands-on IR experience strong familiarity with the Microsoft security stack and a track record of building high-performing SOC teams in a managed services environment.
Key Responsibilities
1. Detection & Incident Response
- Own the full threat lifecycle alert triage investigation escalation containment eradication and post-incident review across all monitored client tenants.
- Serve as senior IR authority for P1 security incidents; lead containment decisions coordinate cross-functional response (NOC engineering legal insurance) and manage client communications throughout.
- Direct and quality-review Tier 1 and Tier 2 analyst work; ensure investigation notes timelines and evidence are complete and defensible.
- Lead post-incident reviews (PIRs) and Lessons Learned sessions for all major security events; track action items through closure.
- Maintain and continuously improve incident response playbooks for ransomware business email compromise (BEC) identity compromise data exfiltration and insider threat scenarios.
2. Detection Engineering & Threat Intelligence
- Own the detection rule library in Microsoft Sentinel (or equivalent SIEM); drive ongoing tuning coverage gap analysis and MITRE ATT&CK alignment.
- Develop test and deploy new detection rules in response to emerging threats threat intelligence feeds and post-incident findings.
- Operationalize threat intelligence that translate CTI feeds vendor advisories and ISAC alerts into actionable detections hunts and hardening recommendations.
- Lead proactive threat hunting operations across client environments; document findings refine TTPs and convert hunts into persistent detections.
- Collaborate with the vulnerability management practice to prioritize remediation based on active threat actor targeting and client exposure.
3. Team Leadership & Analyst Development
- Lead schedule and develop a team of SOC analysts (Tier 13) and detection engineers across shift rotations including 247 on-call coverage.
- Define analyst career paths aligned to Mobizs engineer tiering framework; build and execute individual development plans with certification goals (SC-200 CySA GCIH etc.).
- Conduct structured 1:1s performance reviews and skills assessments; address performance gaps with coaching plans before they escalate.
- Lead shift handover procedures ensuring full operational context open incidents active hunts suppressed alerts is transferred at each boundary.
- Build a team culture of intellectual curiosity operational discipline and continuous threat learning.
4. SOC Platform & Tooling
- Own the SOC tooling stack including Microsoft Sentinel Defender XDR (MDE MDO MDI MDCA) CrowdStrike Falcon and integrated SOAR/automation workflows.
- Drive SOAR playbook development to automate repetitive triage tasks enrichment workflows and low-complexity response actions.
- Maintain integration health between SIEM EDR identity (Entra ID / AAD) email security and ITSM (ServiceNow) platforms.
- Evaluate new security tooling and provide recommendations to the Director of Engineering on platform investments and coverage gaps.
- Ensure log source coverage completeness across all client tenants; manage onboarding of new data connectors and normalization rules.
5. Client Engagement & Reporting
- Prepare and deliver monthly Security Operations Reports (SORs) covering detection metrics incident summaries threat landscape context and recommended hardening actions.
- Participate in client security reviews and Quarterly Business Reviews (QBRs); present SOC posture findings to technical and executive audiences.
- Manage client communication during active security incidents status updates containment milestones regulatory notification timelines and post-incident summaries.
- Coordinate with legal counsel (BakerHostetler or client-designated) cyber insurance carriers (AIG and others) and DFIR partners (Kroll Fenix24) during major incidents.
- Support presales and proposal efforts by providing SOC capability narratives detection coverage matrices and IR SLA definitions.
6. Governance Compliance & Risk
- Maintain SOC policies procedures and evidence retention standards in alignment with NIST CSF CIS Controls and client contractual requirements.
- Support client audit and compliance engagements (SOC 2 ISO 27001 HIPAA CMMC) by providing SOC operational evidence and control narratives.
- Track and report on SOC KPIs to the Director of Engineering; surface capacity risks coverage gaps and tooling deficiencies proactively.
- Maintain awareness of regulatory and legal obligations (GDPR CCPA state breach notification laws) relevant to incident response timelines and client notifications
Candidate Profile: Requirements & Preferred Qualifications
Required Qualifications
- Bachelors/Masters degree in Computer Science or related field.
- 7 years of information security experience with at least 3 years in a SOC leadership or senior analyst role.
- Proven hands-on experience leading incident response for high-severity events (ransomware BEC APT insider threat) in an MSP or enterprise environment.
- Deep expertise with Microsoft Sentinel rule authoring in KQL workbook development data connector management and SOAR playbook design.
- Strong working knowledge of the Microsoft Defender XDR suite: Defender for Endpoint (MDE) Defender for Office 365 (MDO) Defender for Identity (MDI) and Defender for Cloud Apps (MDCA).
- Solid understanding of identity-based attack chains Pass-the-Hash Pass-the-Ticket Golden Ticket token theft Entra ID OAuth abuse and corresponding detection/containment strategies.
- Familiarity with attacker TTPs mapped to MITRE ATT&CK; ability to build and maintain detection coverage matrices.
- Experience with ITSM platforms for incident tracking and SLA governance; ServiceNow strongly preferred.
- Excellent communication skills able to write clear incident timelines executive summaries and technical PIR reports.
Preferred Qualifications
- Microsoft certifications: SC-200 (Security Operations Analyst) SC-300 (Identity & Access) AZ-500 (Azure Security Engineer) or SC-100 (Cybersecurity Architect).
- Industry certifications: GCIA GCIH GCFA (GIAC) CySA (CompTIA) or CISSP.
- Experience with CrowdStrike Falcon EDR policy management threat graph analysis and OverWatch integration.
- Hands-on DFIR experience: memory forensics disk imaging log correlation and chain-of-custody evidence handling.
- Exposure to OT/ICS environments SCADA monitoring or industrial network security.
- Familiarity with Palo Alto Cortex XSIAM Splunk or QRadar as SIEM alternatives or migration contexts.
- Scripting proficiency: KQL (advanced) PowerShell Python for detection automation log parsing and threat hunting.
- Experience working alongside legal counsel and cyber insurers during major incident response engagements.
Core Technical Skill Set
The following technologies and platforms are central to success in this role:
- SIEM: Microsoft Sentinel (primary) KQL Analytics Rules Workbooks SOAR Playbooks (Logic Apps)
- EDR / XDR: Microsoft Defender for Endpoint CrowdStrike Falcon (client-dependent)
- Email & Identity Security: Defender for Office 365 Defender for Identity Defender for Cloud Apps
- Cloud Security: Microsoft Defender for Cloud Azure Security Center Secure Score
- Identity Platform: Microsoft Entra ID Privileged Identity Management (PIM) Conditional Access
- ITSM: ServiceNow (Incidents Security Cases Change Knowledge)
- Network Security: Palo Alto Panorama Fortinet FortiManager WatchGuard Cisco Meraki
- Threat Intelligence: Microsoft Threat Intelligence ISAC feeds vendor advisories
- DFIR Partners: Kroll Fenix24 (external IR augmentation on major engagements)
- Automation & Scripting: PowerShell KQL Python n8n Azure Logic Apps
- Communication & Reporting: Microsoft 365 Teams Dynamics 365 CRM SharePoint
Core Competencies (Power Skills)
- Threat-Informed Detection Engineering Mindset
- Communication Clarity Across Technical and Executive Layers
- Emotional Intelligence & Situational Awareness
- Governance Compliance & Risk Accountability
- Advanced Analytical Thinking & Forensic Reasoning
- Microsoft Security Ecosystem Fluency (Cloud Identity Endpoint)
- Executive Communication & Client Trust Management
- SOC Engineering & Operational Excellence
- Critical thinking and decision making
What We Offer
- A team of bright hard-working and innovative people that will contribute to your growth.
- Competitive Salary and comprehensive benefits plan.
- A dynamic and collaborative work environment with opportunity to work with cutting-edge technology and innovative solutions.
Other
This is a full-time on-site position based in Karachi Pakistan.
Equal Opportunity & Diversity Commitment
At Mobiz we believe that diverse perspectives experiences and backgrounds strengthen our organization and drive innovation. We are committed to fostering an inclusive workplace where all employees are valued respected and empowered to succeed. As an equal opportunity employer we make employment decisions based on qualifications merit and business needs without regard to race gender age religion disability national origin or any other protected characteristic.
What Happens Next
Thank you for your interest in becoming part of Mobiz. We are committed to attracting exceptional talent and building a team that drives innovation excellence and meaningful impact. Every application is reviewed with care and consideration. If your experience and qualifications are a match for the role a member of our team will connect with you regarding the next stage of the hiring process.
We appreciate your interest in joining Mobiz and wish you success in your career endeavors.
Required Experience:
Manager
About Company
We are the execution partner for F500 technology leaders. We don't just advise. We architect, build, and deploy the systems that define your future.