Role Description
As the Detection Response Lead, you will play a pivotal role in proactively identifying and mitigating security threats to safeguard the organization’s digital assets. This role requires a hands-on technical expert who can lead the Security Operations Center (SOC) team, drive detection strategies, and improve response mechanisms to combat cyber threats effectively.
Role & Responsibilities:
- Lead the development, tuning, and optimization of detection strategies and playbooks for security monitoring.
- Oversee threat hunting activities to identify advanced persistent threats and unknown risks.
- Analyze and respond to high-severity security incidents, ensuring rapid containment and resolution.
- Manage and mentor a team of SOC analysts, threat hunters, and incident responders.
- Drive team performance, promote collaboration, and foster continuous improvement in security operations.
- Define KPIs to measure SOC efficiency, incident response times, and detection effectiveness.
- Coordinate with cross-functional teams during security incidents, ensuring a seamless response and post-incident review.
- Conduct root cause analysis and implement remediation plans to prevent incident recurrence.
- Integrate threat intelligence feeds into SOC workflows for proactive threat detection.
- Analyze emerging cyber threat trends and recommend changes to detection processes and tools.
- Manage and enhance security technologies such as SIEM, EDR, NDR, SOAR, and threat intelligence platforms.
- Evaluate and implement new tools to improve threat detection, investigation, and response capabilities.
- Develop clear incident response processes, documentation, and post-mortem analysis reports.
- Deliver periodic reports to executive leadership on threat landscape, incident trends, and SOC performance.
Desired Key Skills
- 5+ years of experience in cybersecurity operations, with at least 3 years in a leadership or senior SOC role.
- Strong understanding of modern security frameworks, such as MITRE ATT&CK, NIST CSF, and CIS Controls.
- Expertise in handling SIEM solutions (e.g., Splunk, Sentinel), EDR tools (e.g., CrowdStrike, Microsoft Defender), and SOAR platforms.
- Hands-on experience in threat detection, incident response, and threat hunting.
- Familiarity with cloud security technologies (AWS, Azure, GCP).
- Proficient in scripting/automation using Python, PowerShell, or other relevant tools.
- Strong analytical, problem-solving, and leadership skills.
- Relevant certifications such as CISSP, CISM, CEH, GCIH, GCFA, or equivalent are highly preferred.