SOC Team Lead

Shift:
Our 4 on, 4 off schedule rotates every 28 days, providing flexibility and 24/7 coverage:

• Start with Day Early (50% Hybrid): 7:00 am – 5:00 pm
• Move to Day Middle (50% Hybrid): 12:00 pm – 10:00 pm
• Then Night (Remote): 9:00 pm – 7:00 am

Employees work 10 hours each shift for four days and then enjoy four days off, enhancing work-life balance with more consecutive days off.
Night shifts are fully remote and last for four months each year.

• Supervise and mentor Security Analysts during a standard working team/shift which includes scheduling, PTO, and working with peers to ensure adequate coverage
• Manage analyst workload and workflows while acting as an escalation point for your team
• Communicate with BlueVoyant clients throughout incident escalations and service delivery questions or concerns
• Supervise operations in deterring, identifying, monitoring, investigating, and analyzing attacks
• Support analyst alert triage to identify whether appropriate escalations occurred, and monitor for patterns indicating late-stage incident lifecycle alerts requiring incident response
• Provide quality control and feedback for analyst investigations
• Participate in the response, investigation, and resolution of security incidents
• Ensure teams are aware of operating procedures and any changes or additions
• Aid in keeping operational documentation up to date
• Provide incident investigation, handling, and response, including incident documentation
• Serve as the technical escalation point and mentor for your analyst team
• Perform triage of incoming issues (assess the priority, determine risk)
• Maintain a strong awareness of the current threat landscape

• Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
• Able and willing to work in a 24/7/365 environment, including nights and weekends, on a rotating shift schedule
• Experience managing technical individual contributors, including providing feedback, monitoring quality, and prioritizing work
• Strong customer communications skills, including articulating complex or urgent technical data and scenarios to non-technical audiences
• Ability to handle high pressure situations in a productive and professional manner

• Knowledge of and experience with intrusion detection/prevention systems and SIEM software
• Advanced knowledge and understanding of network protocols and devices.
• Advanced experience with Mac OS, Windows, and Unix systems.
• Ability to analyze event logs and recognize signs of cyber intrusions/attacks
• Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
• Familiarity with tools such as Malware Sandboxes, Sentinel, Splunk, EDR solutions
• Strong knowledge of the following:
  • Enterprise Cloud Solutions (Azure, GCP, AWS)
  • Modern authentication systems and attacks (SSO, OATH, Entra, etc.) 
  • SIEM workflows (preferably Sentinel and Splunk)
  • Packet Analysis
  • Malware Detection, to include dynamic and light static analysis
  • Network Monitoring metadata (web logs, firewall logs, WAF/IDS)
  • Email Security and common business email compromise attacks
  • Vulnerability Identification and correlation to attacker behavior

• Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, penetration testing, or related areas
• 5+ years of hands-on SOC/TOC/NOC experience
• GIAC certification(s) strongly preferred. CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred
• Familiarity with technologies such as Sentinel, Splunk, Microsoft Defender suites, Crowdstrike Falcon, SentinelOne
• Familiarity with Group Policy, Intune, Virtualization, and other IT Infrastructure tools
• Understanding and/or experience with one or more of the following programming languages: JavaScript, Python, Lua, Ruby, GoLang, Rust

• Minimum bachelor’s degree in Information Security, Computer Science, or other IT-related field or equivalent experience