SOC Manager

Key Responsibilities

• SOC Strategy & Operations
• Establish, operate, and mature a 24/7 SOC function, including on-call and follow-the-sun models as required.
• Define and execute a SOC roadmap aligned to business risk, regulatory requirements, and Keyloop’s strategic objectives.
• Ensure effective monitoring, detection, triage, investigation, and response to security events and incidents.
• Drive continuous improvement of SOC capabilities, coverage, and efficiency through metrics, lessons learned, and automation.


• SIEM, SOAR & Automation
• Own the design, implementation, and ongoing tuning of the SIEM platform.
• Lead the integration of multiple environments and technologies into the SIEM, including:
• Cloud platforms (e.g., AWS, Azure, GCP)
• On‑premise infrastructure
• SaaS applications
• Network and identity systems
• Define logging standards, use cases, correlation rules, and alerting thresholds.
• Implement and mature SOAR capabilities to automate alert triage, enrichment, response actions, and reporting.
• Identify opportunities to reduce mean time to detect (MTTD) and mean time to respond (MTTR) through automation.


• Incident Response & Threat Management
• Define and maintain incident response (IR) policies, processes, and governance.
• Develop and maintain detailed runbooks and playbooks for common and high-risk scenarios.
• Lead or oversee major incident response activities, including coordination with internal teams and third parties.
• Ensure post-incident reviews are conducted and improvement actions are tracked to closure.


• Security Technology Coverage
• Ensure effective SOC coverage and integration for security technologies, including but not limited to:
• Web content filtering
• Email security gateways
• Endpoint Detection & Response (EDR)
• Managed Detection & Response (MDR)
• Extended Detection & Response (XDR)
• Validate that alerts from these technologies are actionable, contextualized, and aligned with SOC use cases.


• Threat Intelligence
• Define and operationalize threat intelligence ingestion, analysis, and response processes.
• Integrate relevant internal and external threat intelligence feeds into SIEM and SOAR workflows.
• Ensure the SOC proactively adjusts detections, controls, and response actions based on emerging threats.
• Communicate relevant threat intelligence insights to stakeholders in a business-relevant manner.


• Compliance & Assurance
• Support Keyloop’s security and compliance objectives from a SOC perspective.
• Demonstrate strong understanding of, and alignment with:
• NIST Cybersecurity Framework
• ISO/IEC 27001
• SOC 2
• Contribute to achieving and maintaining certifications and attestations by providing evidence, metrics, and operational controls.
• Ensure SOC processes, logging, monitoring, and response activities meet audit and regulatory expectations.


• Team Leadership & Vendor Management
• Lead, mentor, and develop a team of L2 SOC analysts, fostering a culture of accountability, learning, and continuous improvement.
• Define roles, responsibilities, training plans, and career progression for SOC team members.
• Manage an external MSP providing L1 SOC services, including:
• Defining scope of services and responsibilities
• Establishing SLAs, OLAs, and escalation procedures
• Conducting regular service reviews and performance assessments
• Ensure seamless handoffs and collaboration between L1, L2, and other security functions.


• Metrics, Reporting & Governance
• Define and track SOC KPIs and KRIs, including detection coverage, incident volumes, response times, and quality metrics.
• Produce clear, accurate, and timely reporting for technical, risk, and executive audiences.
• Use metrics and trends to inform investment decisions, roadmap priorities, and risk discussions.


• Stakeholder Engagement & Communication
• Act as a trusted security advisor to internal stakeholders across IT, engineering, product, and the business.
• Effectively manage stakeholder expectations, balancing security risk, operational impact, and business priorities.
• Lead discussions on security risk, trade-offs, and remediation options.
• Present SOC performance, risks, and roadmap progress to senior management.


• Values & Business Alignment
• Demonstrate alignment with Keyloop’s values and ways of working.
• Develop a strong understanding of Keyloop’s products, services, customers, and business objectives.
• Ensure SOC activities directly support business resilience, customer trust, and strategic growth.

Required Experience & Skills

• Essential
• 8+ years of experience in cyber security, with significant hands-on experience in SOC operations.
• Proven experience building, operating, and maturing a 24/7 SOC environment.
• Strong experience with SIEM platforms (design, integration, tuning, and operations).
• Practical experience implementing and operating SOAR and security automation.
• Demonstrated experience defining and executing incident response processes and runbooks.
• Hands-on exposure to web, email, endpoint, MDR, and XDR security technologies.
• Experience managing SOC analysts and third-party service providers.
• Strong understanding of threat intelligence and its operational application.
• Demonstrated experience supporting NIST, ISO 27001, and SOC 2 compliance initiatives from a SOC perspective.


• Technical
• Security monitoring, detection engineering, and incident response
• Log management and security telemetry
• Automation and workflow orchestration
• Threat analysis and attacker techniques (e.g., MITRE ATT&CK)


• Leadership & Soft Skills
• Strong people management and coaching skills
• Excellent written and verbal communication
• Stakeholder management and expectation setting
• Negotiation and influence without authority
• Ability to translate technical risk into business impact
• Structured, delivery-focused approach to executing a security roadmap