SOC Team Lead
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
ITHR is seeking a SOC Team Lead to lead the Security Operations team in the UAE. The role involves overseeing L1/L2/L3 analysts, managing threat detection and incident response, and improving SIEM detection logic.
Key Skills for This Role
Responsibilities
- Lead, mentor, and develop a team of L1, L2, and L3 SOC analysts, owning shift coverage, performance management, and professional growth
- Serve as the primary escalation point for high severity and complex incidents across monitored customer environments
- Conduct and oversee threat detection, alert triage, investigation, and incident response activities
- Lead threat hunting initiatives by proactively identifying indicators of compromise, attacker persistence mechanisms, lateral movement, and emerging threats
- Own and continuously improve SIEM correlation rules, detection logic, use cases, and alert tuning
- Develop, maintain, and enforce incident response playbooks, operational runbooks, and escalation procedures
- Produce and review customer facing incident reports, security advisories, executive summaries, and monthly service reports
- Manage SLA adherence across detection, triage, escalation, containment, and response activities
- Collaborate with DFIR teams on post incident reviews and continuous enhancement initiatives
- Coordinate with customers and internal delivery teams during active incidents
- Support customer onboarding activities including log source integration, use case development, baseline establishment, and initial detection tuning
- Stay current with the threat landscape and translate insights into actionable improvements
Requirements
- 5 8 years of experience in security operations, with at least 2 years in a senior analyst or team lead capacity
- Hands on experience with SIEM platforms including rule development, log integration, alert tuning, investigation workflows, and detection engineering
- Experience with Microsoft Sentinel, Splunk, IBM QRadar, or similar enterprise SIEM technologies
- Strong understanding of incident response methodologies and attacker TTPs with familiarity with MITRE ATT&CK
- Hands on experience with EDR technologies such as CrowdStrike, SentinelOne, Microsoft Defender, or equivalent
- At least one of: CISSP, GCIH, GCFA, ISO/IEC 27001 Lead Implementer or Lead Auditor
- Strong reporting and communication capabilities
Full Job Posting
Job Description
- SOC Team Lead Managed Security Services
- Security Operations Centre
- Location: UAE / Middle East (On site)
- Employment Type: Full Time
- Department: Managed Security Services SOC
- Experience: 5 8 Years (SOC / Incident Response)
- Reports To: Director of Managed Services
About Ithr
- ITHR is a technology consulting and professional services organisation supporting enterprises across the UAE and Middle East with digital transformation, cybersecurity, ERP implementation, talent solutions, managed services, and custom application development.
- Our cybersecurity practice provides a comprehensive portfolio of services including Managed SOC, DFIR, VAPT, Network Security, Brand Protection, Security Advisory, and Managed Security Services.
- Our Managed SOC delivers continuous threat monitoring, detection, and response capabilities to customers across the region.
Role Overview
- The SOC Team Lead is a senior hands on role responsible for the day to day leadership of the ITHR Security Operations team.
- You will oversee a team of SOC analysts (L1/L2/L3), own the quality of detection and response across monitored customer environments, and serve as the primary escalation point for significant incidents.
- This role combines technical depth with people leadership and operational excellence.
Key Responsibilities
- Lead, mentor, and develop a team of L1, L2, and L3 SOC analysts, owning shift coverage, performance management, and professional growth.
- Serve as the primary escalation point for high severity and complex incidents across monitored customer environments.
- Conduct and oversee threat detection, alert triage, investigation, and incident response activities while remaining actively involved in analysis and investigation work.
- Lead threat hunting initiatives by proactively identifying indicators of compromise, attacker persistence mechanisms, lateral movement, and emerging threats.
- Own and continuously improve SIEM correlation rules, detection logic, use cases, and alert tuning to reduce false positives and improve detection effectiveness.
- Develop, maintain, and enforce incident response playbooks, operational runbooks, and escalation procedures to ensure consistent execution across the SOC.
- Produce and review customer facing incident reports, security advisories, executive summaries, and monthly service reports to ensure clarity, accuracy, and business relevance.
- Manage SLA adherence across detection, triage, escalation, containment, and response activities, identifying bottlenecks and implementing service improvements.
- Collaborate with DFIR teams on post incident reviews, lessons learned exercises, and continuous enhancement initiatives.
- Coordinate with customers and internal delivery teams during active incidents, providing updates, guiding containment actions, and managing stakeholder expectations.
- Support customer onboarding activities including log source integration, use case development, baseline establishment, and initial detection tuning.
- Stay current with the threat landscape, attacker methodologies, regional threat actors, and emerging attack trends, translating these insights into actionable improvements.
Required Qualifications (must have)
- 5 8 years of experience in security operations, with at least 2 years in a senior analyst or team lead capacity.
- Proven hands on experience with SIEM platforms including rule development, log integration, alert tuning, investigation workflows, and detection engineering.
- Experience with Microsoft Sentinel, Splunk, IBM QRadar, or similar enterprise SIEM technologies.
- Strong practical understanding of incident response methodologies including triage, containment, eradication, recovery, and post incident activities.
- Deep understanding of attacker tactics, techniques, and procedures (TTPs) and strong familiarity with the MITRE ATT&CK framework.
- Hands on experience with endpoint detection and response technologies such as CrowdStrike, SentinelOne, Microsoft Defender, or equivalent solutions.
- Experience with network security monitoring, IDS/IPS technologies, firewall investigations, and anomaly detection techniques.
- Strong reporting and communication capabilities, including production of executive ready incident reports and customer communications.
- Demonstrated ability to lead, coach, and develop analysts within a shift based operational environment.
- At least one of the mandatory certifications listed below must be held at the time of application.
Certifications
- Mandatory (at least one): CISSP, GCIH, GCFA, ISO/IEC 27001 Lead Implementer or Lead Auditor.
- Advantageous: GCED, Certified SOC Analyst (CSA), Microsoft Certified: Security Operations Analyst (SC 200), CompTIA CySA+, CompTIA Security+.
Preferred Qualifications (nice to have)
- Experience within a Managed SOC or MSSP environment supporting multiple customer environments simultaneously.
- Experience with SOAR platforms including Microsoft Sentinel SOAR, Palo Alto XSOAR, Splunk SOAR, or equivalent orchestration technologies.
- Familiarity with cloud security monitoring including Azure, AWS, and GCP log sources, cloud native detections, and identity centric attack patterns.
- Exposure to DFIR methodologies including memory analysis, disk forensics, malware triage, and forensic investigations.
- Understanding of OT and ICS monitoring concepts.
- Prior experience delivering managed security services within the UAE or Middle East region.
- Familiarity with regional frameworks and standards including UAE IA, NESA, SAMA, and sector specific compliance requirements.
- Scripting capabilities using Python, PowerShell, or KQL for automation, parsing, and detection engineering.
Soft Skills & Professional Attributes
- Calm and decisive under pressure with the ability to confidently lead teams through high severity incidents.
- Strong written and verbal communication skills with the ability to brief customers, executives, and technical stakeholders effectively.
- Detail oriented while maintaining visibility of broader operational objectives.
- Natural mentor who actively contributes to analyst growth and capability development.
- Continuous improvement mindset focused on improving detection quality, reducing operational noise, and enhancing response effectiveness.
- Operates with integrity, professionalism, and discretion when handling sensitive customer information.
What We Offer
- Competitive Compensation — Salary aligned with experience, expertise, and regional market benchmarks.
- Training & Certification Budget — Dedicated annual investment in certifications, labs, and professional development.
- Hands on Technical Exposure — Lead investigations and response activities across a diverse customer portfolio.
- Influence Over the Practice — Opportunity to shape SOC strategy, tooling decisions, operational processes, and team growth.
- Growth Path — Clear progression into SOC Manager, Head of SOC, Managed Services Director, or DFIR leadership roles.
- Culture — A collaborative technology focused team that values technical excellence, ownership, customer success, innovation, and execution.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Olik Global
GRC Specialist - UAE National
Dubai, UAE
Olik Global seeks a GRC Specialist for its Banking & Financial Services team in Dubai. The role supports governance, risk, and compliance functions including regulatory compliance, risk assessments, policy management, an
Senior SOC Analyst
Dubai, UAE
ITHR Technologies seeks a Senior SOC Analyst for its Managed Security Services team in the UAE. This L3-level role involves leading complex alert investigations, incident response, threat hunting, and improving detection
Senior SOC Analyst
Abu Dhabi, UAE
ITHR Technologies seeks a Senior SOC Analyst for its Managed Security Services team in the UAE. This L3-level role involves complex alert investigations, incident response, threat hunting, and SIEM rule development. Requ
Senior SOC Analyst
Sharjah, UAE
ITHR Technologies seeks a Senior SOC Analyst for its Managed Security Services team in the UAE. This L3-level role involves leading complex alert investigations, incident response, threat hunting, and improving detection
SOC Team Lead
Abu Dhabi, UAE
We are seeking a SOC Team Lead to lead the day-to-day operations of the Security Operations team at ITHR. The role involves overseeing L1/L2/L3 analysts, managing incident response, improving detection engineering, and e
SOC Team Lead
Dubai, UAE
ITHR is seeking a SOC Team Lead to oversee a team of SOC analysts (L1/L2/L3) and manage day-to-day security operations. The role requires 5-8 years of SOC/incident response experience, hands-on SIEM expertise, and at lea
Pre-Sales Consultant - Technology & Cybersecurity
Sharjah, UAE
ITHR seeks a Pre-Sales Consultant to bridge customer challenges with technology solutions, supporting the full sales lifecycle from discovery to proposal development. Requires 4-6+ years of pre-sales experience in techno
Pre-Sales Consultant - Technology & Cybersecurity
Abu Dhabi, UAE
ITHR seeks a Pre-Sales Consultant to bridge customer challenges with technology solutions in cybersecurity and enterprise IT. The role involves engaging prospects, delivering technical presentations, developing proposals
GRC Specialist - UAE National
Dubai, UAE
Senior SOC Analyst
Dubai, UAE
Senior SOC Analyst
Abu Dhabi, UAE
Senior SOC Analyst
Sharjah, UAE
SOC Team Lead
Abu Dhabi, UAE
SOC Team Lead
Dubai, UAE
Pre-Sales Consultant - Technology & Cybersecurity
Sharjah, UAE
Pre-Sales Consultant - Technology & Cybersecurity
Abu Dhabi, UAE