{bc}
indeed

SOC Team Lead

Qode
, UAE
Full Time
Lead
Onsite
1 weeks ago
SIEMMicrosoft SentinelSplunkIBM QRadarIncident ResponseThreat Detection
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

SIEMMicrosoft SentinelSplunk
Smart Apply

Full Job Posting

Role Overview

  • The SOC Team Lead is a senior hands on role responsible for the day to day leadership of the ITHR Security Operations team.
  • You will oversee a team of SOC analysts (L1/L2/L3), own the quality of detection and response across monitored customer environments, and serve as the primary escalation point for significant incidents.
  • This role combines technical depth with people leadership and operational excellence.

Key Responsibilities

  • Lead, mentor, and develop a team of L1, L2, and L3 SOC analysts, owning shift coverage, performance management, and professional growth.
  • Serve as the primary escalation point for high severity and complex incidents across monitored customer environments.
  • Conduct and oversee threat detection, alert triage, investigation, and incident response activities while remaining actively involved in analysis and investigation work.
  • Lead threat hunting initiatives by proactively identifying indicators of compromise, attacker persistence mechanisms, lateral movement, and emerging threats.
  • Own and continuously improve SIEM correlation rules, detection logic, use cases, and alert tuning to reduce false positives and improve detection effectiveness.
  • Develop, maintain, and enforce incident response playbooks, operational runbooks, and escalation procedures to ensure consistent execution across the SOC.
  • Produce and review customer facing incident reports, security advisories, executive summaries, and monthly service reports to ensure clarity, accuracy, and business relevance.
  • Manage SLA adherence across detection, triage, escalation, containment, and response activities, identifying bottlenecks and implementing service improvements.
  • Collaborate with DFIR teams on post incident reviews, lessons learned exercises, and continuous enhancement initiatives.
  • Coordinate with customers and internal delivery teams during active incidents, providing updates, guiding containment actions, and managing stakeholder expectations.
  • Support customer onboarding activities including log source integration, use case development, baseline establishment, and initial detection tuning.
  • Stay current with the threat landscape, attacker methodologies, regional threat actors, and emerging attack trends, translating these insights into actionable improvements.

Required Qualifications (Must Have)

  • 5–8 years of experience in security operations, with at least 2 years in a senior analyst or team lead capacity.
  • Proven hands on experience with SIEM platforms including rule development, log integration, alert tuning, investigation workflows, and detection engineering.
  • Experience with Microsoft Sentinel, Splunk, IBM QRadar, or similar enterprise SIEM technologies.
  • Strong practical understanding of incident response methodologies including triage, containment, eradication, recovery, and post incident activities.
  • Deep understanding of attacker tactics, techniques, and procedures (TTPs) and strong familiarity with the MITRE ATT&CK framework.
  • Hands on experience with endpoint detection and response technologies such as CrowdStrike, SentinelOne, Mic

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at Qode