GMI - Global Market Innovators
SOC Lead (On-site) Scottsdale, AZ
GMI - Global Market Innovators, Scottsdale, Arizona, US, 85261
Job Overview
Job Title: SOC Lead (On-site) Scottsdale, AZ
Department: Managed SOC
Reports to: SOC Manager
Location: On-site, Travel
Primary Function
The SOC Lead is responsible for ensuring that the day-to-day operations of the Security Operations Center are conducted effectively and efficiently. This role combines operational leadership, team mentorship, quality assurance, and technical expertise to deliver exceptional threat detection, threat intelligence, threat hunting, and incident response capabilities to customers. The role demands high coordination, visibility, and a passion for continuous improvement across processes, people, and platforms.
Primary Responsibilities
Oversee daily SOC operations and assist in coordinating analyst shift activities.
Monitor adherence to SLAs and internal quality standards.
Provide mentorship and guidance to junior team members.
Monitor security event triage and escalation practices.
Track and enforce SOC playbook usage and documentation standards.
Lead quality control checks and support continuous improvement cycles.
Collaborate with engineers and architects to integrate tools such as SIEM, XDR, IDS/IPS, and vulnerability management.
Understand vulnerabilities, exploitation tactics, and remediation strategies.
Drive automation to reduce analyst workload and improve response times.
Support escalated incident response efforts and serve as a coordination point across teams.
Ensure proper documentation, RCA, and client reporting on major security events.
Track OKRs and KPIs to measure SOC effectiveness and ROI.
Communicate outcomes, trends, and operational performance to leadership and clients in weekly, bi-weekly, and monthly meetings.
Develop and deliver training sessions to address knowledge gaps.
Create and maintain internal documentation and SOPs.
Lead by example and provide mentorship to foster a culture of curiosity and collaboration.
People & General Requirements
Demonstrate and promote an understanding and commitment to the GMI culture and core values.
Build credibility with clients by setting and executing against expectations in line with managed scope.
Maintain and proactively manage utilization target assigned by leadership.
Ensure accurate project time reporting and accountability to project tasks.
Speak fluently about GMI services and communicate business opportunities to the sales team.
Identify and foster industry relationships with internal and external customers to promote the GMI brand.
Process
Review the expectations committed to during the outlined processes, and track and manage any changes to those expectations throughout the engagement.
Collaborate with internal team members to drive client success through innovation, experience, and thought leadership.
Continuously improve products and processes by communicating lessons learned from delivery experience.
Continuously optimize internal GMI delivery "run-books" and internal delivery documentation.
Technology Expertise
Provide high-level technical oversight of SOC tools and ensure proper triage, detection, and escalation workflows.
Lead operational aspects of advanced investigations alongside incident commander, including root cause analysis and actionable remediation plans.
Serve as a subject matter expert across multiple security platforms, offering strategic guidance on tuning, threat modeling, and detection coverage.
Develop, implement, and document design plans, integration strategies, and operational guidance for SOC technologies while working side-by-side with other departments such as SOC/Security Engineering and/or Advisory.
Proactively conduct independent research and formulate improvements to detection engineering, threat intelligence use, threat hunting, and workflow optimization.
Mentor and guide analysts across the SOC in technical upskilling, contributing to continuous professional development.
Establish and maintain a structured training regimen for analysts and team members to mature operational capability and threat response.
Build knowledge libraries and ensure effective knowledge transfer within the team and across departments.
Education
A bachelor's degree in CS, Math, Engineering, MIS, CIS, or related field is preferred but not required.
Skills And Certification
Vendor or industry technical certification(s) such as: CySA+, CISM, GSEC, GCIA, GPEN, GCIH, GCTI, CrowdStrike Certified Falcon Responder, or equivalent.
Ability to translate complex technical issues into clear business outcomes.
Experience with process optimization, automation tools, and incident response workflows.
Strong technical knowledge in SIEM, XDR, IDS/IPS, firewalls, EDR, vulnerability scanners.
Systems Administration – Windows or *nix.
Windows Management technology – AD, GPO.
Networking – OSI Model, Cisco, Check Point, Fortinet, Palo Alto Networks, etc.
Network Analysis tools – Nmap, NetWitness, Wireshark, etc.
SIEM and log analytics – Elastic Stack, Microsoft Sentinel, etc.
Operating Systems – Server and Desktop (Windows, macOS, Linux).
Security solutions and vulnerability management – CrowdStrike, Nessus, Rapid7, Burp Suite, etc.
Knowledge And Experience
A minimum of 5 years in a SOC environment is required.
Prior team leadership and mentorship experience is required.
Ability to develop and present technical material to all audience levels.
Accountable self-starter with strong organizational and interpersonal skills.
Proven ability to manage escalated security incidents and drive quality assurance initiatives.
Strong communication, time management, prioritization, problem solving, and decision-making skills under pressure.
Additional Information
While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear, and use hands and fingers to operate a computer.
Ability to sit at a computer terminal for an extended period.
Light to moderate lifting is required.
Reasonable accommodations may be made to enable individuals with disabilities to perform these functions.
Benefits
Medical, Dental, Vision Insurance
401(k) with 4% company match
Generous Time off policy
Stock Appreciation Rights after year one
Rapidly growing company with opportunities for advancement