SOC Lead

About

Our client based in Isando is seeking a SOC Lead with 7+ years’ experience in cybersecurity operations, including a minimum of 3 years leading SOC or Incident Response teams. The ideal candidate must have hands-on experience configuring and managing SIEM, SOAR, and XDR platforms. You must have proven experience in providing operational leadership within a Security Operations Centre (SOC), ensuring effective 24x7 monitoring, investigation, and resolution of security incidents.

Duties & Responsibilities

Qualifications and Experience:

• Matric plus NQF Level 6 Qualification in Information Technology, Computer Science, Cybersecurity, or related field
• Professional certification: CompTIA CySA+, ECCouncil CEH, GIAC GCIH, or similar
• Strong knowledge of SOC operations, incident management, network security, and cyber defence principles
• Valid Driver’s License.
• 7–10 Years in cybersecurity operations, including at least 3 years leading SOC or IR teams
• Proven experience managing complex, multi-stage cyber incidents and investigations
• Hands-on experience configuring and operating SIEM, SOAR, and XDR platforms
• Demonstrated ability to lead cross-functional incident response (Apps, Infra, Data)
• Proficiency in scripting, automation, and analytics for SOC efficiency
• Experience producing executive reports on incidents, trends, and risk posture
• Working knowledge of threat frameworks: MITRE ATT&CK, NIST SP 800-61, Cyber Kill Chain.

Key Deliverables:

SOC Leadership and Operational Oversight

• Lead day-to-day operations of the company’s SOC, ensuring 24×7 threat monitoring and response
• Manage incident queues, escalation processes, and resource allocation across shifts
• Ensure consistent quality and accuracy of investigations and incident reports
• Establish KPIs/KRIs for SOC performance (MTTD, MTTR, alert-to-incident ratio)
• Coordinate across IT and business units during a major incident command.

Threat Detection and Response Strategy

• Design and maintain the company’s detection and response strategy aligned to the enterprise risk appetite
• Oversee tuning and optimisation of SIEM and EDR correlation rules
• Validate coverage against MITRE ATT&CK tactics and regulatory control requirements
• Develop advanced detection content, threat models, and analytics dashboards
• Continuously assess and enhance response processes through automation.

Incident Management and Forensics

• Lead high-severity investigations, containment, eradication, and recovery actions
• Ensure incident playbooks are tested, documented, and continuously improvement
• Coordinate digital forensics and evidence-collection activities when required
• Drive post-incident reviews and ensure corrective actions are implemented
• Maintain compliance with ISO 27001 incident management requirements.

SOC Technology Management and Automation

• Oversee integration of SOC tools (SIEM, SOAR, EDR, threat-intel platforms)
• Evaluate and recommend new technologies to strengthen detection capability
• Implement automation scripts and SOAR playbooks to improve efficiency
• Maintain system health, performance, and data integrity across monitoring tools
• Manage relationships with SOC vendors and managed-service providers.

Threat Intelligence and Continuous Improvement

• Integrate internal and external threat intelligence into operational workflows
• Track emerging TTPs and adjust detection content accordingly
• Conduct regular threat-hunting and red/blue exercises
• Benchmark SOC maturity against global best practice (NIST CSF, MITRE D3FEND)
• Report improvement initiatives and roadmap progress to the Senior Manager: IT Security.

People Leadership and Capability Building

• Lead, mentor, and develop the SOC team across L1–L3 levels
• Conduct performance reviews and define individual development plans
• Facilitate certification pathways and simulation training
• Foster a culture of continuous learning and operational excellence
• Promote collaboration with Security Engineering, Risk & Compliance, and Architecture teams.