SOC Manager

Sorry, this job was removed at 10:27 a.m. (CST) on Thursday, Jun 04, 2026
Islamabad, PAK
In-Office
Information Technology
The Role

About Mobiz

Mobiz is a global technology services leader, Microsoft-aligned managed services and cloud solutions provider, empowering mid-market and enterprise organizations across North America and the Middle East. We deliver end-to-end IT operations, Modern Work and Security, Data and AI, cybersecurity, infrastructure, and digital transformation services—driving resilience, innovation, and measurable business impact at scale.

With a Solutions Partner designation and active pursuit of Azure Expert MSP status, Mobiz combines the agility of a boutique consultancy with the delivery rigor of a tier-1 integrator. Our NOC and SOC teams operate as the always-on backbone of client environments, monitoring thousands of endpoints, network nodes, and cloud workloads around the clock.

What Can You Expect?

Every day at Mobiz we work with a deep sense of purpose. We continuously innovate. Our mission is to empower our clients to do more through transformation. You'll work in a collaborative environment alongside highly talented people who improve client operations and exceed expectations. We strive to simplify technology challenges, nothing less.

Who Are We Looking For?

The SOC Manager leads Mobiz's Security Operations Center, owning the end-to-end detection, analysis, and response capability that protects client environments across cloud, network, identity, and endpoint attack surfaces. Reporting to the Director of Engineering, this role is accountable for analyst team performance, detection engineering quality, threat intelligence operationalization, and client-facing security reporting. The SOC Manager operates at the intersection of technical depth and operational leadership — capable of reviewing a SIEM detection rule in the morning, leading a ransomware containment call at noon, and presenting a security posture briefing to a client CISO in the afternoon. The ideal candidate brings proven hands-on IR experience, strong familiarity with the Microsoft security stack, and a track record of building high-performing SOC teams in a managed services environment.

Key Responsibilities 

1. Detection & Incident Response

  • Own the full threat lifecycle — alert triage, investigation, escalation, containment, eradication, and post-incident review across all monitored client tenants.
  • Serve as senior IR authority for P1 security incidents; lead containment decisions, coordinate cross-functional response (NOC, engineering, legal, insurance), and manage client communications throughout.
  • Direct and quality-review Tier 1 and Tier 2 analyst work; ensure investigation notes, timelines, and evidence are complete and defensible.
  • Lead post-incident reviews (PIRs) and Lessons Learned sessions for all major security events; track action items through closure.
  • Maintain and continuously improve incident response playbooks for ransomware, business email compromise (BEC), identity compromise, data exfiltration, and insider threat scenarios.

2. Detection Engineering & Threat Intelligence

  • Own the detection rule library in Microsoft Sentinel (or equivalent SIEM); drive ongoing tuning, coverage gap analysis, and MITRE ATT&CK alignment.
  • Develop, test, and deploy new detection rules in response to emerging threats, threat intelligence feeds, and post-incident findings.
  • Operationalize threat intelligence by translating CTI feeds, vendor advisories, and ISAC alerts into actionable detections, hunts, and hardening recommendations.
  • Lead proactive threat hunting operations across client environments; document findings, refine TTPs, and convert hunts into persistent detections.
  • Collaborate with the vulnerability management practice to prioritize remediation based on active threat actor targeting and client exposure.

3. Team Leadership & Analyst Development

  • Lead, schedule, and develop a team of SOC analysts (Tier 1–3) and detection engineers across shift rotations, including 24×7 on-call coverage.
  • Define analyst career paths aligned to Mobiz's engineer tiering framework; build and execute individual development plans with certification goals (SC-200, CySA+, GCIH, etc.).
  • Conduct structured 1:1s, performance reviews, and skills assessments; address performance gaps with coaching plans before they escalate.
  • Lead shift handover procedures ensuring full operational context — open incidents, active hunts, suppressed alerts — is transferred at each boundary.
  • Build a team culture of intellectual curiosity, operational discipline, and continuous threat learning.

4. SOC Platform & Tooling

  • Own the SOC tooling stack including Microsoft Sentinel, Defender XDR (MDE, MDO, MDI, MDCA), CrowdStrike Falcon, and integrated SOAR/automation workflows.
  • Drive SOAR playbook development to automate repetitive triage tasks, enrichment workflows, and low-complexity response actions.
  • Maintain integration health between SIEM, EDR, identity (Entra ID / AAD), email security, and ITSM (ServiceNow) platforms.
  • Evaluate new security tooling and provide recommendations to the Director of Engineering on platform investments and coverage gaps.
  • Ensure log source coverage completeness across all client tenants; manage onboarding of new data connectors and normalization rules.

5. Client Engagement & Reporting

  • Prepare and deliver monthly Security Operations Reports (SORs) covering detection metrics, incident summaries, threat landscape context, and recommended hardening actions.
  • Participate in client security reviews and Quarterly Business Reviews (QBRs); present SOC posture findings to technical and executive audiences.
  • Manage client communication during active security incidents — status updates, containment milestones, regulatory notification timelines, and post-incident summaries.
  • Coordinate with legal counsel (BakerHostetler or client-designated), cyber insurance carriers (AIG and others), and DFIR partners (Kroll, Fenix24) during major incidents.
  • Support presales and proposal efforts by providing SOC capability narratives, detection coverage matrices, and IR SLA definitions.

6. Governance, Compliance & Risk

  • Maintain SOC policies, procedures, and evidence retention standards in alignment with NIST CSF, CIS Controls, and client contractual requirements.
  • Support client audit and compliance engagements (SOC 2, ISO 27001, HIPAA, CMMC) by providing SOC operational evidence and control narratives.
  • Track and report on SOC KPIs to the Director of Engineering; surface capacity risks, coverage gaps, and tooling deficiencies proactively.
  • Maintain awareness of regulatory and legal obligations (GDPR, CCPA, state breach notification laws) relevant to incident response timelines and client notifications.

Candidate Profile: Requirements & Preferred Qualifications 

Required Qualifications

  • Bachelor's/Master's degree in Computer Science or related field.
  • 7+ years of information security experience, with at least 3 years in a SOC leadership or senior analyst role.
  • Proven hands-on experience leading incident response for high-severity events (ransomware, BEC, APT, insider threat) in an MSP or enterprise environment.
  • Deep expertise with Microsoft Sentinel — rule authoring in KQL, workbook development, data connector management, and SOAR playbook design.
  • Strong working knowledge of the Microsoft Defender XDR suite: Defender for Endpoint (MDE), Defender for Office 365 (MDO), Defender for Identity (MDI), and Defender for Cloud Apps (MDCA).
  • Solid understanding of identity-based attack chains — Pass-the-Hash, Pass-the-Ticket, Golden Ticket, token theft, Entra ID OAuth abuse — and corresponding detection/containment strategies.
  • Familiarity with attacker TTPs mapped to MITRE ATT&CK; ability to build and maintain detection coverage matrices.
  • Experience with ITSM platforms for incident tracking and SLA governance; ServiceNow strongly preferred.
  • Excellent communication skills — able to write clear incident timelines, executive summaries, and technical PIR reports.

Preferred Qualifications

  • Microsoft certifications: SC-200 (Security Operations Analyst), SC-300 (Identity & Access), AZ-500 (Azure Security Engineer), or SC-100 (Cybersecurity Architect).
  • Industry certifications: GCIA, GCIH, GCFA (GIAC), CySA+ (CompTIA), or CISSP.
  • Experience with CrowdStrike Falcon — EDR policy management, threat graph analysis, and OverWatch integration.
  • Hands-on DFIR experience: memory forensics, disk imaging, log correlation, and chain-of-custody evidence handling.
  • Exposure to OT/ICS environments, SCADA monitoring, or industrial network security.
  • Familiarity with Palo Alto Cortex XSIAM, Splunk, or QRadar as SIEM alternatives or migration contexts.
  • Scripting proficiency: KQL (advanced), PowerShell, Python for detection automation, log parsing, and threat hunting.
  • Experience working alongside legal counsel and cyber insurers during major incident response engagements.

Core Technical Skill Set

The following technologies and platforms are central to success in this role:

  • SIEM: Microsoft Sentinel (primary) — KQL, Analytics Rules, Workbooks, SOAR Playbooks (Logic Apps)
  • EDR / XDR: Microsoft Defender for Endpoint, CrowdStrike Falcon (client-dependent)
  • Email & Identity Security: Defender for Office 365, Defender for Identity, Defender for Cloud Apps
  • Cloud Security: Microsoft Defender for Cloud, Azure Security Center, Secure Score
  • Identity Platform: Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access
  • ITSM: ServiceNow (Incidents, Security Cases, Change, Knowledge)
  • Network Security: Palo Alto Panorama, Fortinet FortiManager, WatchGuard, Cisco Meraki
  • Threat Intelligence: Microsoft Threat Intelligence, ISAC feeds, vendor advisories
  • DFIR Partners: Kroll, Fenix24 (external IR augmentation on major engagements)
  • Automation & Scripting: PowerShell, KQL, Python, n8n, Azure Logic Apps
  • Communication & Reporting: Microsoft 365, Teams, Dynamics 365 CRM, SharePoint

Core Competencies (Power Skills)

  • Threat-Informed Detection Engineering Mindset
  • Communication Clarity Across Technical and Executive Layers
  • Emotional Intelligence & Situational Awareness
  • Governance, Compliance & Risk Accountability
  • Advanced Analytical Thinking & Forensic Reasoning
  • Microsoft Security Ecosystem Fluency (Cloud, Identity, Endpoint)
  • Executive Communication & Client Trust Management
  • SOC Engineering & Operational Excellence
  • Critical Thinking and Decision Making

What We Offer

  • A team of bright, hard-working, and innovative people that will contribute to your growth.
  • Competitive salary and comprehensive benefits plan.
  • A dynamic and collaborative work environment with opportunity to work with cutting-edge technology and innovative solutions.

Other

This is a full-time, on-site position based in Islamabad, Pakistan.

Equal Opportunity & Diversity Commitment

At Mobiz, we believe that diverse perspectives, experiences, and backgrounds strengthen our organization and drive innovation. We are committed to fostering an inclusive workplace where all employees are valued, respected, and empowered to succeed. As an equal opportunity employer, we make employment decisions based on qualifications, merit, and business needs, without regard to race, gender, age, religion, disability, national origin, or any other protected characteristic.

What Happens Next?

Thank you for your interest in becoming part of Mobiz. We are committed to attracting exceptional talent and building a team that drives innovation, excellence, and meaningful impact. Every application is reviewed with care and consideration. If your experience and qualifications are a match for the role, a member of our team will connect with you regarding the next stage of the hiring process.

We appreciate your interest in joining Mobiz and wish you success in your career endeavors.

The Company

HQ: Houston, Texas
169 Employees
Year Founded: 2008

What We Do

Welcome to Mobiz IT! As an innovative IT Consulting Firm, we specialize in collaborating with companies' IT and Business departments to conceive, implement, and oversee cutting-edge technology projects. With a primary focus on Microsoft Azure Services and ServiceNow integrations, our global presence, supported by a diverse team spanning multiple countries, enables us to transcend time zone limitations and language barriers. Operating across various industry sectors, including pharma & healthcare, distribution & logistics, retail, entertainment, manufacturing, construction, and government, we bring a wealth of experience and expertise to every partnership. Our comprehensive offerings include:

  • Cloud Services
  • ServiceNow Integrations
  • Data & AI
  • Dynamics 365
  • Management Consulting
  • Cybersecurity
  • Virtual Desktops and Cloud Applications
  • Technical Support & IT Help Desk Managed Services

We are dedicated to helping our clients understand and maximize the value of their technology investments. By streamlining operations and aligning with business goals, we empower organizations to thrive in today's dynamic digital landscape.