Be an Early Applicant
The Role
The Director of SOC Engineering and Response leads SOC operations, enhances cybersecurity capabilities, manages a team, and ensures compliance with security standards.
Summary Generated by Built In
Position OverviewThe Director of SOC Engineering and Response is a senior leadership role responsible for the strategic vision, engineering, and operational effectiveness of the Security Operations Center (SOC). This individual is charged with designing, implementing, and continuously improving the technological tools, processes, and team capabilities that enable rapid detection, analysis, containment, and remediation of cyber threats. Reporting to Vice President of Cybersecurity Operations, the Director will lead a team of SOC engineers, incident responders, and technology analysts, serving as the backbone of the organization's cyber defense strategy.Key Responsibilities
Lead, mentor, and develop a high-performing team of SOC engineers, analysts, and responders.
Recruit, train, and retain top security talent.
Foster a collaborative, growth-oriented environment that values continuous learning and operational excellence.
SOC Engineering and Technology Enablement:
Oversee the architecture, deployment, integration, and maintenance of SOC technologies, including SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), EDR (Endpoint Detection and Response), and threat intelligence platforms.
Ensure systems are optimized for coverage, speed, accuracy, and scalability across on-premises and cloud environments.
Drive the adoption of automation, artificial intelligence, and advanced analytics to enhance detection and response capabilities.
Manage vendor relationships, tool selection, and contract negotiations to ensure the SOC leverages the best technologies for the organization’s needs.
Incident Detection and Response:
Oversee 24/7 monitoring, triage, and analysis of security events to identify and remediate threats promptly.
Direct the incident response process from detection through containment, eradication, recovery, and post-incident review.
Develop, test, and maintain incident response plans and playbooks for a wide range of threat scenarios, including ransomware, phishing, insider threats, and data breaches.
Coordinate with cross-functional teams, such as IT, Legal, Compliance, and Communications, during incident response activities.
Threat Intelligence and Hunting:
Work with First Advantage’s Threat Intelligence team to integrate external and internal threat intelligence sources to proactively identify emerging risks and vulnerabilities.
Support proactive threat hunting initiatives to uncover hidden threats and reduce dwell time.
Ensure threat intelligence is actionable, timely, and integrated into detection and response processes.
Process Improvement and Metrics:
Continuously assess and improve SOC workflows, processes, and procedures for effectiveness and efficiency.
Develop and track key performance indicators (KPIs), metrics, and dashboards to measure SOC performance, incident trends, and response effectiveness.
Conduct regular after-action reviews and lessons-learned sessions following security incidents and major projects.
Governance, Compliance, and Risk Management:
Ensure SOC operations adhere to regulatory, legal, and industry standards (e.g., ISO 27001, NIST, PCI DSS, GDPR, HIPAA).
Collaborate with risk management and audit teams to address findings and recommendations.
Support audit engagements and provide evidence of SOC controls, processes, and incident records.
Executive Communication and Reporting:
Prepare and present regular reports, briefings, and executive summaries on SOC operations, threat trends, and incident investigations for leadership and the board.
Serve as a primary point of contact for critical security incidents and inquiries from executive leadership.
Represent the organization at industry events, conferences, and with external partners as a thought leader in SOC operations and engineering.Required Qualifications
- Strategic Leadership:
- Lead a small team of high performing information security professionals.
- Develop and communicate a clear vision for SOC engineering and incident response in alignment with the organization’s security objectives and risk tolerance.
- Establish and maintain the SOC’s engineering roadmap, ensuring ongoing innovation and adaptation to evolving threats and technologies.
- Advocate for resources, budget, and executive support necessary to build a world-class SOC engineering and response capability.
- As a foundational role in the organization’s information security program requires accessibility 24/7/365.
Lead, mentor, and develop a high-performing team of SOC engineers, analysts, and responders.
Recruit, train, and retain top security talent.
Foster a collaborative, growth-oriented environment that values continuous learning and operational excellence.
SOC Engineering and Technology Enablement:
Oversee the architecture, deployment, integration, and maintenance of SOC technologies, including SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), EDR (Endpoint Detection and Response), and threat intelligence platforms.
Ensure systems are optimized for coverage, speed, accuracy, and scalability across on-premises and cloud environments.
Drive the adoption of automation, artificial intelligence, and advanced analytics to enhance detection and response capabilities.
Manage vendor relationships, tool selection, and contract negotiations to ensure the SOC leverages the best technologies for the organization’s needs.
Incident Detection and Response:
Oversee 24/7 monitoring, triage, and analysis of security events to identify and remediate threats promptly.
Direct the incident response process from detection through containment, eradication, recovery, and post-incident review.
Develop, test, and maintain incident response plans and playbooks for a wide range of threat scenarios, including ransomware, phishing, insider threats, and data breaches.
Coordinate with cross-functional teams, such as IT, Legal, Compliance, and Communications, during incident response activities.
Threat Intelligence and Hunting:
Work with First Advantage’s Threat Intelligence team to integrate external and internal threat intelligence sources to proactively identify emerging risks and vulnerabilities.
Support proactive threat hunting initiatives to uncover hidden threats and reduce dwell time.
Ensure threat intelligence is actionable, timely, and integrated into detection and response processes.
Process Improvement and Metrics:
Continuously assess and improve SOC workflows, processes, and procedures for effectiveness and efficiency.
Develop and track key performance indicators (KPIs), metrics, and dashboards to measure SOC performance, incident trends, and response effectiveness.
Conduct regular after-action reviews and lessons-learned sessions following security incidents and major projects.
Governance, Compliance, and Risk Management:
Ensure SOC operations adhere to regulatory, legal, and industry standards (e.g., ISO 27001, NIST, PCI DSS, GDPR, HIPAA).
Collaborate with risk management and audit teams to address findings and recommendations.
Support audit engagements and provide evidence of SOC controls, processes, and incident records.
Executive Communication and Reporting:
Prepare and present regular reports, briefings, and executive summaries on SOC operations, threat trends, and incident investigations for leadership and the board.
Serve as a primary point of contact for critical security incidents and inquiries from executive leadership.
Represent the organization at industry events, conferences, and with external partners as a thought leader in SOC operations and engineering.Required Qualifications
- Bachelor’s degree in Computer Science, Information Security, Engineering, or related field; Master’s degree preferred. Additional experience in lieu of a degree will be considered.
- 10+ years of progressive experience in cybersecurity, with at least 5 years in a leadership role over an engineering or development technology team.
- Expertise in security monitoring, incident response, threat intelligence, and SOC engineering across diverse technology environments.
- Strong knowledge of SOC technologies (SIEM, SOAR, EDR, IDS/IPS, firewalls, cloud security tools) and best practices.
- Expertise with programming, scripting, and query languages such as PowerShell, Python, SQL/KQL, Bash, and Perl.
- Change management and code quality & reliability experience.
- Hands-on experience implementing automation, orchestration, and advanced analytics to enhance SOC capabilities.
- Demonstrated success in managing, mentoring, and developing technical teams in a high-pressure environment.
- Excellent analytical, problem-solving, and decision-making skills.
- Outstanding written and verbal communication abilities, with the capacity to convey complex security issues to technical and non-technical audiences.
- Relevant industry certifications such as CISSP, CISM, GIAC, GCIA, GCIH, or equivalent are strongly preferred.
- Experience with regulatory compliance frameworks and audit processes.
- Hands-on experience with Microsoft Security products and toolkits a plus.
- Experience working in management tracking methodologies promote continuous improvement within agile teams.
- A strategic thinker with a passion for innovation and continuous improvement.
- Resilient under pressure, able to lead calmly through crises and high-stakes incidents.
- Collaborative and influential, building strong relationships across business and technical teams.
- Ethical, trustworthy, and committed to upholding the highest standards of confidentiality and integrity.
- Adaptable to rapidly changing threat landscapes and emerging technologies.
- Committed to fostering a diverse and inclusive team culture.
Top Skills
Bash
Edr
Ids/Ips
Kql
Microsoft Security Products
Perl
Powershell
Python
SIEM
Soar
SQL
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
First Advantage delivers comprehensive background check solutions and insights that enable employers and housing providers to make confident choices, reduce risk, and maintain compliance.
With offices in 26 locations and a staff of 4,000+ employees, First Advantage leverages leading technology and the industry’s largest global capabilities to complete background checks in 200+ countries and territories. If you’re looking for employee or tenant background check solutions that enable fast and reliable decision making, we’re your First Advantage.
For more detailed information on First Advantage products and services, visit fadv.com.
