SOC Lead (On-Site), Scottsdale, AZ

Scottsdale, AZ, US, United States

Job Description

ABOUT THE ROLE




Title: SOC Lead


Department: Managed SOC


Classification: Full-time, Exempt


Reports to: SOC Manager


Manages: Assists in managing SOC Analyst operations (L1, L2) and the IR Team where applicable


Location: On-site


Travel: < 10%


On-Call: Yes


PRIMARY FUNCTION




The SOC Lead is responsible for ensuring day-to-day operations of the Security Operations Center are conducted effectively and efficiently. This role combines operational leadership, team mentorship, quality assurance, and technical expertise to ensure GMI's SOC provides exceptional threat detection, threat intelligence, threat hunting, and incident response capabilities to its customers. This role demands a high degree of coordination, visibility, and a passion for delivering continuous improvement across processes, people, and platforms.


PRIMARY RESPONSIBILITIES




Leadership and Oversight


Oversee daily SOC operations and assist in coordinating analyst shift activities. Monitor adherence to SLAs and internal quality standards. Provide mentorship and guidance to junior team members.

Security Operations and QA


Monitor security event triage and escalation practices. Track and enforce SOC playbook usage and documentation standards. Lead quality control checks and support continuous improvement cycles.

Tool and Process Optimization


Collaborate with engineers and architects to ensure integration of tools such as SIEM, XDR, IDS/IPS, and vulnerability management. Understand vulnerabilities, exploitation tactics, and remediation strategies. Drive automation to reduce analyst workload and improve response times.

Incident Response


Support escalated incident response efforts and serve as a coordination point across teams. Ensure proper documentation, RCA, and client reporting on major security events.

Metrics and Stakeholder Engagement


Track OKRs and KPIs to help measure SOC effectiveness and return on investment. Communicate outcomes, trends, and operational performance to leadership and clients in weekly/bi-weekly/monthly customer or internal meetings.

Training and Knowledge Development


Develop and deliver training sessions to address knowledge gaps. Create and maintain internal documentation and SOPs. Lead by example and provide mentorship to foster a culture of curiosity and collaboration.

GENERAL REQUIREMENTS




People are the most important part of GMI and the reason we are successful. The Lead will:

  • Demonstrate and promote an understanding and commitment to the GMI culture and core values
  • Build credibility with clients by setting and executing against expectations in line with managed scope
  • Maintain and proactively manage utilization target assigned by leadership
  • Ensure accurate project time reporting and accountability to project tasks
  • Speak fluently about GMI services and communicate business opportunities to the sales team
  • Identify and foster industry relationships with internal and external customers to promote the GMI brand

Process is a foundational component of our service delivery and guides our team to success. The Analyst will:

  • Review expectations committed to during the outlined processes, understand and manage any changes in expectations and manage them throughout the engagement, communicate and resolve exceptions with leadership
  • Collaborate with internal team members to drive client success through innovation, experience and thought leadership
  • Continuously improve product and process through communication showing execution of experience
  • Continuously optimize internal GMI delivery "run-books" and internal delivery documentation

Technology expertise is why our customers trust GMI. We deliver custom solutions based on specific customer challenges. The Analyst will:

  • Provide high-level technical oversight of SOC tools and ensure proper triage, detection, and escalation workflows.
  • Lead operational aspects of advanced investigations alongside incident commander, including root cause analysis and actionable remediation plans.
  • Serve as a subject matter expert across multiple security platforms, offering strategic guidance on tuning, threat modeling, and detection coverage.
  • Develop, implement, and document design plans, integration strategies, and operational guidance for SOC technologies while working side-by-side with other departments like SOC/Security Engineering and/or Advisory.
  • Proactively conduct independent research and formulate improvements to detection engineering, threat intelligence use, threat hunting, and workflow optimization.
  • Mentor and guide analysts across the SOC in technical upskilling, contributing to the continuous professional development of the team.
  • Establish and maintain a structured training regimen for analysts and team members to mature operational capability and threat response.
  • Build knowledge libraries and ensure effective knowledge transfer within the team and across departments.

QUALIFICATIONS




Education




A bachelor's degree in CS, Math, Engineering, MIS, CIS or related field is preferred, but not required.

Skills and Certification




  • Vendor or industry technical certification(s) like: CySA+, CISM, GSEC, GCIA, GPEN, GCIH, GCTI, CrowdStrike Responder or equivalent
  • Ability to translate complex technical issues into clear business outcomes.
  • Experience with process optimization, automation tools, and incident response workflows.
  • Strong technical knowledge in SIEM, XDR, IDS/IPS, firewalls, EDR, vulnerability scanners including the following:
      • Systems Administration - Windows or *nix
      • Windows Management technology - AD, GPO
      • Networking - OSI Model, Cisco, Checkpoint, Fortinet, Palo, etc.
      • Network Analysis tool - Nmap, NetWitness, Wireshark, etc.
      • Identity Management
      • SIEM - Elastic Stack, Microsoft Sentinel, etc.
      • Operating Systems - Server and Desktop, Windows, Mac, Linux
      • Security Solutions or Software Vulnerability management - CrowdStrike, Nessus, Rapid7, Burp Suite, etc.

Knowledge and Experience




  • A minimum of 5 years in a SOC environment is required.
  • Prior team leadership and mentorship experience required.
  • Ability to develop and present technical material to all audience levels.
  • Accountable self-starter with strong organizational and interpersonal skills.
  • Proven ability to manage escalated security incidents and drive quality assurance initiatives.
  • Strong communication, time management, prioritization, problem solving, and decision-making skills under pressure.

Additional Information




  • While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear and use hands and fingers to operate a computer
  • Ability to sit at a computer terminal for an extended period
  • Light to moderate lifting is required
  • Reasonable accommodations may be made to enable individuals with disabilities to perform these functions

Benefits




  • Medical, Dental, Vision Insurance
  • 401K with 4% company match
  • Generous Time off policy
  • Stock Appreciation Rights after year one
  • Rapidly growing company with opportunities for advancement



Job Detail

  • Job Id
    JD6230472
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Scottsdale, AZ, US, United States
  • Education
    Not mentioned