About this SOC Team Lead role at Qode
Job Description
hr@ithr360.com | www.ithr360.com
SOC Team Lead
Managed Security Services · Security Operations Centre
Location: UAE / Middle East (On-site)
Employment Type: Full-Time
Department: Managed Security Services – SOC
Experience: 5–8 Years (SOC / Incident Response)
Reports To: Director of Managed Services
ABOUT ITHR
ITHR is a technology consulting and professional services organisation supporting enterprises across the UAE and Middle East with digital transformation, cybersecurity, ERP implementation, talent solutions, managed services, and custom application development.
Our cybersecurity practice provides a comprehensive portfolio of services including Managed SOC, Digital Forensics & Incident Response (DFIR), Vulnerability Assessment & Penetration Testing (VAPT), Network Security, Brand Protection, Security Advisory, and Managed Security Services.
Our Managed SOC is a strategic service offering that delivers continuous threat monitoring, detection, and response capabilities to customers across the region. As we continue to expand our managed services portfolio, we are seeking a technically strong and operationally experienced SOC Team Lead to maintain the quality, consistency, and effectiveness of our security operations capabilities.
ROLE OVERVIEW
The SOC Team Lead is a senior hands-on role responsible for the day-to-day leadership of the ITHR Security Operations team.
You will oversee a team of SOC analysts (L1/L2/L3), own the quality of detection and response across monitored customer environments, and serve as the primary escalation point for significant incidents.
This role combines technical depth with people leadership and operational excellence. You will contribute directly to threat detection and investigation activities while driving continuous improvements in analyst capability, detection engineering, playbook maturity, SIEM coverage, and customer communications.
You will work closely with DFIR specialists, delivery teams, account managers, and customer stakeholders while helping shape the evolution of the SOC practice as ITHR expands its managed security services capabilities.
KEY RESPONSIBILITIES
- Lead, mentor, and develop a team of L1, L2, and L3 SOC analysts, owning shift coverage, performance management, and professional growth.
- Serve as the primary escalation point for high-severity and complex incidents across monitored customer environments.
- Conduct and oversee threat detection, alert triage, investigation, and incident response activities while remaining actively involved in analysis and investigation work.
- Lead threat hunting initiatives by proactively identifying indicators of compromise, attacker persistence mechanisms, lateral movement, and emerging threats.
- Own and continuously improve SIEM correlation rules, detection logic, use cases, and alert tuning to reduce false positives and improve detection effectiveness.
- Develop, maintain, and enforce incident response playbooks, operational runbooks, and escalation procedures to ensure consistent execution across the SOC.
- Produce and review customer-facing incident reports, security advisories, executive summaries, and monthly service reports to ensure clarity, accuracy, and business relevance.
- Manage SLA adherence across detection, triage, escalation, containment, and response activities, identifying bottlenecks and implementing service improvements.
- Collaborate with DFIR teams on post-incident reviews, lessons learned exercises, and continuous enhancement initiatives.
- Coordinate with customers and internal delivery teams during active incidents, providing updates, guiding containment actions, and managing stakeholder expectations.
- Support customer onboarding activities including log source integration, use case development, baseline establishment, and initial detection tuning.
- Stay current with the threat landscape, attacker methodologies, regional threat actors, and emerging attack trends, translating these insights into actionable improvements.
- Support internal audits, compliance initiatives, customer assessments, and managed security governance activities as a technical authority.
REQUIRED QUALIFICATIONS (MUST-HAVE)
- 5–8 years of experience in security operations, with at least 2 years in a senior analyst or team lead capacity.
- Proven hands-on experience with SIEM platforms including rule development, log integration, alert tuning, investigation workflows, and detection engineering.
- Experience with Microsoft Sentinel, Splunk, IBM QRadar, or similar enterprise SIEM technologies.
- Strong practical understanding of incident response methodologies including triage, containment, eradication, recovery, and post-incident activities.
- Deep understanding of attacker tactics, techniques, and procedures (TTPs) and strong familiarity with the MITRE ATT&CK framework.
- Hands-on experience with endpoint detection and response technologies such as CrowdStrike, SentinelOne, Microsoft Defender, or equivalent solutions.
- Experience with network security monitoring, IDS/IPS technologies, firewall investigations, and anomaly detection techniques.
- Strong reporting and communication capabilities, including production of executive-ready incident reports and customer communications.
- Demonstrated ability to lead, coach, and develop analysts within a shift-based operational environment.
- At least one of the mandatory certifications listed below must be held at the time of application.
CERTIFICATIONS
Candidates must hold at least one of the mandatory certifications listed below. Additional certifications are considered advantageous.
Mandatory Certifications (At Least One Required)
- CISSP – Certified Information Systems Security Professional (ISC²)
- GCIH – GIAC Certified Incident Handler (GIAC / SANS)
- GCFA – GIAC Certified Forensic Analyst (GIAC / SANS)
- ISO/IEC 27001 Lead Implementer or Lead Auditor (PECB, BSI, or equivalent)
Advantageous Certifications
- GCED – GIAC Certified Enterprise Defender (GIAC / SANS)
- Certified SOC Analyst (CSA) – EC-Council
- Microsoft Certified: Security Operations Analyst (SC-200)
- CompTIA CySA+
- CompTIA Security+
PREFERRED QUALIFICATIONS (NICE-TO-HAVE)
- Experience within a Managed SOC or MSSP environment supporting multiple customer environments simultaneously.
- Experience with SOAR platforms including Microsoft Sentinel SOAR, Palo Alto XSOAR, Splunk SOAR, or equivalent orchestration technologies.
- Familiarity with cloud security monitoring including Azure, AWS, and GCP log sources, cloud-native detections, and identity-centric attack patterns.
- Exposure to DFIR methodologies including memory analysis, disk forensics, malware triage, and forensic investigations.
- Understanding of OT and ICS monitoring concepts.
- Prior experience delivering managed security services within the UAE or Middle East region.
- Familiarity with regional frameworks and standards including UAE IA, NESA, SAMA, and sector-specific compliance requirements.
- Scripting capabilities using Python, PowerShell, or KQL for automation, parsing, and detection engineering.
SOFT SKILLS & PROFESSIONAL ATTRIBUTES
- Calm and decisive under pressure with the ability to confidently lead teams through high-severity incidents.
- Strong written and verbal communication skills with the ability to brief customers, executives, and technical stakeholders effectively.
- Detail-oriented while maintaining visibility of broader operational objectives.
- Natural mentor who actively contributes to analyst growth and capability development.
- Continuous improvement mindset focused on improving detection quality, reducing operational noise, and enhancing response effectiveness.
- Operates with integrity, professionalism, and discretion when handling sensitive customer information.
WHAT WE OFFER
- Competitive Compensation — Salary aligned with experience, expertise, and regional market benchmarks.
- Training & Certification Budget — Dedicated annual investment in certifications, labs, and professional development.
- Hands-on Technical Exposure — Lead investigations and response activities across a diverse customer portfolio.
- Influence Over the Practice — Opportunity to shape SOC strategy, tooling decisions, operational processes, and team growth.
- Growth Path — Clear progression into SOC Manager, Head of SOC, Managed Services Director, or DFIR leadership roles.
- Culture — A collaborative technology-focused team that values technical excellence, ownership, customer success, innovation, and execution.