SOC Lead - Detection & Response

Hiring Remotely in India
Remote
Senior level
Big Data • Software • Analytics
The Role
The SOC Lead will own security operations, manage an external SOC vendor, enhance detection capabilities, automate response processes, and contribute to compliance audits.
Summary Generated by Built In
Who We Are

Most companies are racing to deploy AI, but very few have the foundation to make it work reliably. Atlan is building that missing layer: the context layer for enterprise AI. We connect the business context behind data so humans and agents can operate with far more accuracy and confidence.

With backing from world-class investors including GIC, Insight Partners, Meritech, Peak XV, and Salesforce Ventures, we've earned the trust of most AI-forward enterprises like General Motors, Nasdaq, Workday and Elastic.

Come build the infrastructure that AI runs on.

The Role

We're looking for a SOC Lead who will own Atlan's security operations end-to-end. You lead the function, not a team. You own detection and response outcomes, manage our external SOC vendor, and build the AI-native operations layer that defines what security ops looks like at Atlan.

You'll report to the Senior Security Manager and work across Application Security, Platform Security, GRC, and Corporate Security. We expect this person to contribute beyond SOC — whether that's supporting compliance audits, or security automation.

What You'll Do
  • Own SOC operations

    • Be the single accountable owner for detection, triage, and response at Atlan. Define what good looks like. Hold yourself and the vendor to it.

  • Manage the managed SOC vendor

    • Drive day-to-day operations with our external MDR/managed SOC provider. Own the SLA conversations, escalation paths, tuning feedback loops, and monthly reviews.

  • Build detection and response capability

    • Develop and continuously improve detection coverage across the security stack. Reduce false positives, improve MTTD and MTTR, and build runbooks and playbooks that the team can actually use.

  • Build and operate AI agents for SOC

    • Design and deploy AI agents that handle alert triage, evidence gathering, and investigation summaries autonomously. Move the SOC from reactive-human-only to a model where AI agents do the first pass — and analysts make the calls. Think agentic workflows, not just dashboards.

  • Lead incident response

    • Take command of incidents. Run post-mortems. Feed learnings back into controls and detection. Be the point of contact for internal stakeholders and, when needed, external parties.

  • Drive automation

    • Security at Atlan is built on automation. You'll write scripts, build n8n workflows, and contribute to our Claude AI-powered security tooling — whether that's auto-enriching alerts, closing remediation loops, or generating incident timelines. We expect you to ship working code, not just spec it out.

  • Build toward in-house SOC

    • Develop the roadmap for transitioning from a vendor-heavy model to an in-house capability. Define hiring profiles, tooling requirements, and the right sequencing.

  • Contribute across security domains

    • This is a small, high-trust team. You'll contribute to supporting compliance audits, risk assessments, and other security program work — not just SOC operations.

  • Report to leadership

    • Maintain a clear picture of Atlan's detection and response posture. Produce regular metrics and narratives for senior leadership.

What We're Looking For

Must Have
  • 6+ years in security operations, with demonstrated experience building or leading core SOC functions, particularly across detection engineering and incident response.

  • Hands-on experience with SIEM platforms — alert triage, detection rule development, correlation logic (Splunk preferred)

  • Experience managing or working closely with a managed SOC or MDR vendor

  • Strong incident response fundamentals — you've run incidents, written post-mortems, and improved controls as a result

  • Comfortable with cloud-native environments (AWS/GCP/Azure) and the threat landscape specific to SaaS B2B companies

  • Experience with EDR platforms (SentinelOne, CrowdStrike, or similar)

  • Ability to write clearly — incident reports, runbooks, leadership briefings

  • Hands-on experience building automation — scripts, workflows, or integrations that reduced manual analyst work

Must Have: AI & Automation

This role is explicitly AI-forward. We're not looking for someone who will learn AI on the job — we want someone actively building with it.

  • Working knowledge of LLMs and how they can be applied to security operations — triage, summarization, investigation assistance

  • Experience building or using AI-assisted security workflows (prompt engineering, agent frameworks, or SOAR + AI integrations)

  • Ability to evaluate and deploy AI SOC agent tooling — you can tell the difference between a demo and something production-ready

Nice to Have
  • Experience building or scaling an in-house SOC from scratch

  • Familiarity with automation tooling (n8n, Tines, Palo Alto XSOAR, or similar)

  • Prior work building agentic security workflows — multi-step AI pipelines that take actions, not just generate text

  • Working knowledge of compliance frameworks (SOC 2, ISO 27001, HIPAA) and how SOC feeds compliance evidence

  • Threat hunting experience

  • Relevant certifications: GCIA, GCIH, GCFA, or equivalent

Why Atlan?

Joining Atlan means being part of a global movement to help data teams do their life’s best work. Here’s what you can expect:

  • Competitive Compensation: We benchmark at the top of the market and keep compensation simple: strong base salary, performance‑based variable pay, and impact‑driven equity (for most roles), so your total rewards grow in step with the value you create over time.

  • AI Native Culture: Atlan is where AI-native builders come to build the systems the future of work will run on. AI isn’t an add-on, it’s woven into how we build, think, and work every day, empowering every Atlanian to move faster and create a bigger impact.

  • Health & Wellness: From Day‑1 health, dental, vision, and mental health to flexible health stipends, we design benefits offerings that lead in each country we're in.

  • Flexible Time Off & Leave Policies: We trust you to own your energy: flexible time off and modern leave so you can unplug properly, support yourself and your loved ones, and come back ready to drive an impact.

  • Accelerated Growth & Learning: Develop at an uncommon velocity through cutting-edge tech, complex implementations, and an experienced team that values mastery.

  • Global, Remote-First, High-Trust: Work from anywhere with a diverse team across 15+ countries, in a trust-first, async environment that gives you true flexibility and ownership over how you work.

More About Us

Atlan is building the shared context layer that enterprises need so AI can operate on trusted, governed context. The conversation has moved from data leaders asking: “Can we trust the data in our stack?” to businesses asking: “Can we trust AI inside the business?”

We are the missing infrastructure for businesses becoming AI-forward - the connective tissue between their data stack, operational systems, and AI agents.
To learn more, visit www.atlan.com and follow us on LinkedIn.

Equal Opportunity Employer

Atlan is committed to building an inclusive, diverse, and authentic workplace. We do not discriminate based on race, color, religion, national origin, age, disability, sex, gender identity or expression, sexual orientation, marital status, military or veteran status, or any other legally protected characteristic.

Recruitment Fraud Alert
Atlan only posts job openings through our official Careers page at atlan.com/careers. Any other listings or communications claiming to represent Atlan may be fraudulent. We never ask for payment during hiring. Please report suspicious activity to [email protected].

Skills Required

  • 6+ years in security operations with experience in SOC functions
  • Hands-on experience with SIEM platforms
  • Experience managing or working with a managed SOC vendor
  • Strong incident response experience
  • Comfortable with cloud-native environments
  • Experience with EDR platforms
  • Ability to write incident reports and runbooks
  • Hands-on experience building automation
  • Working knowledge of LLMs in security
  • Experience with AI-assisted security workflows
The Company
HQ: New York, NY
192 Employees
Year Founded: 2018

What We Do

Built by a data team for data teams, Atlan is the active metadata platform for the modern data stack. It stitches together metadata from various sources (Snowflake, dbt, Databricks, Looker, Tableau, Postgres, etc.) to create a unified data discovery, cataloging, lineage, and governance experience across all your data assets, from columns and queries to metrics and dashboards. Atlan facilitates a two-way movement of metadata, bringing context back into the tools and workflows that your data team uses every day — for example, in your BI tool when you wonder what a metric on the dashboard means. A pioneer in the space, Atlan was named a Leader in Forrester Wave™️: Enterprise Data Catalogs for DataOps in 2022 and was recognized by Gartner seven times in 2021, including as a Cool Vendor in DataOps and in the inaugural Market Guide for Active Metadata Management. Today, we power pioneering data teams like WeWork, Plaid, Postman, Unilever, and Ralph Lauren. We recently raised a Series B, backed by top investors (including Insight Partners, Sequoia, and Salesforce Ventures) and founders & CEOs from the modern data stack (including Snowflake, Looker, and Stitch). For more information, visit http://www.atlan.com/ or follow us on Twitter at AtlanHQ.
