{bc}
indeed

SOC Team Lead – Saudi National Only

BRAINS VALLEY
الرياض, KSA
Full Time
Lead
Onsite
1 weeks ago
SIEMSOAREDR/XDRIncident ResponseThreat IntelligenceThreat Hunting
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

SIEMSOAREDR/XDR
Smart Apply

Full Job Posting

Purpose

  • The SOC Team Lead is responsible for leading and supervising Security Operations Center activities within a managed security services environment, ensuring the effective delivery of monitoring, detection, analysis, escalation, incident response coordination, and reporting services to clients.

Responsibilities

  • Lead day to day SOC operations to ensure the effective delivery of managed security monitoring and incident handling services to clients.
  • Supervise SOC analysts and senior analysts, including shift management, workload distribution, queue monitoring, and quality assurance.
  • Ensure timely triage, investigation, escalation, and closure of security alerts, events, and incidents in accordance with defined service levels and internal procedures.
  • Maintain SOC runbooks, operational procedures, escalation matrices, and client specific response playbooks.
  • Support the continuous improvement of SOC processes, workflows, service quality, and operational efficiency.
  • Oversee the effective operation of security monitoring technologies, including SIEM, SOAR, EDR/XDR, threat intelligence platforms, and log management solutions.
  • Ensure the onboarding, integration, and health monitoring of client log sources, security controls, and telemetry feeds.
  • Review and optimize correlation rules, alert logic, and detection use cases to enhance visibility and reduce false positives.
  • Lead the coordination of security incident handling activities from detection through analysis, containment, eradication, recovery, and post incident review.
  • Support the collection, review, and operationalization of threat intelligence to improve detection and response capability.
  • Lead, coach, and mentor SOC personnel to maintain a high performing and service oriented team environment.
  • Prepare operational dashboards and management reports covering service levels, incident statistics, alert volumes, response times, and performance trends.

Qualifications and Experience

  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.
  • Minimum of 5 years of relevant cybersecurity experience, including at least 2 years in SOC operations, incident response, or security monitoring leadership.
  • Proven experience in a Managed Security Service Provider (MSSP) or managed SOC services environment.
  • Strong experience in security monitoring, incident handling, escalation management, and SOC service delivery.
  • Good understanding of cybersecurity operations, threat management, and client facing service environments.
  • Knowledge of Saudi cybersecurity regulatory requirements, particularly NCA requirements relevant to security monitoring and incident management.
  • Strong communication and reporting skills in English; Arabic is preferred.

Preferred Certifications

  • CISSP, CISM, GCIH, GCIA, GCFA
  • ITIL Foundation or equivalent service management certification
  • Relevant SIEM, SOAR, or vendor specific security operations certifications are an advantage

Technical Skills

  • SIEM administration, content tuning, use case development, and alert tuning
  • Incident handling, escalation management, and threat intelligence operationalization
  • Log source integration, event correlation, and raw log file analysis
  • Endpoint, network, email, identity, and cloud security monitoring
  • Reporting, metrics, and SOC operational governance
  • Familiarity with DFIR processes, evidence handling, and malware investigations
  • Experience with scripting and automation using Python or PowerShell to improve SOC efficiency
  • Experience working in a Managed Security Service Provider (MSSP) environment
  • Experience with SOAR platforms and security automation workflows
  • Knowledge of incident response standards and frameworks such as NIST SP 800 61 and SANS PICERL
  • Experience with network security tools, network traffic analyzers, firewall logs, network flows, IDS/IPS, system logs, memory dumps, and vulnerability management tools
  • Experience with SIEM platforms, especially Splunk, QRadar, Wazuh, and other enterprise or open source equivalents

Core Competencies

  • Leadership and people management
  • Client service orientation
  • Sound judgment and decision making under pressure
  • Incident communication and stakeholder coordination
  • Analytical thinking and problem solving
  • Planning, prioritization, and operational discipline
  • Quality focus and attention to detail
  • Strong documentation and reporting skills

Key Performance Indicators

  • Mean Time to Detect (MTTD)
  • Mean Time to Respond / Contain (MTTR)
  • SLA compliance for alert triage and incident escalation
  • Incident handling quality and reporting accuracy
  • Detection use case effectiveness and tuning efficiency
  • Reduction in false positive rates
  • Log source onboarding and monitoring coverage progress
  • Client service quality and operational satisfaction
  • Audit and compliance readiness
  • Team productivity and capability development

Work Location

  • In person

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at BRAINS VALLEY