Director, Security Operations Center (SOC)

Provide strategic leadership and oversight of daily SOC operations, ensuring effective monitoring, detection, analysis, and incident response across client environments. Establish and continuously refine SOC governance, policies, and playbooks aligned with industry frameworks such as MITRE ATT&CK to drive standardization and operational excellence. Oversee the deployment, integration, and optimization of core security technologies—including SIEM, SOAR, IDS/IPS, EDR, and threat intelligence platforms—to maximize visibility and response efficiency. Direct coordinated incident response efforts across technical and business functions, ensuring timely resolution and lessons-learned integration through structured post-incident reviews. Partner with IT, legal, compliance, and business leaders to align SOC operations with enterprise risk management objectives and client obligations. Anticipate and mitigate evolving threat vectors by adapting defensive strategies. Build and scale a high-performing SOC team through targeted recruiting, mentorship, and professional development initiatives. Deliver actionable insights and performance reporting to executive stakeholders, translating operational metrics into business outcomes and risk reduction. Define, track, and report on key performance indicators (KPIs) to assess SOC effectiveness, operational efficiency, and client value realization. Leverage automation, orchestration, and scripting (e.g., Python, KQL, PowerShell) to improve detection fidelity, reduce mean time to response (MTTR), and enhance scalability across operations.