SOC Lead - Dallas, Texas - 75039

Dallas, TX, US • Posted 3 hours ago • Updated 3 hours ago
Full Time
On-site
Depends on Experience

Job Details

Summary

Job Title: SOC Lead

Location: Dallas, Texas - 75039

12-month contract

Need independent candidates; locals only

We are looking for an experienced SOC Lead to anchor our Security Operations function within a managed services environment. This is a senior, client-facing role combining deep technical expertise in threat detection and vulnerability management with the leadership capability to drive service excellence across a cross-functional delivery team.

Key responsibilities

Security operations & incident management

  • Own end-to-end SOC operations: monitoring, triage, escalation, and closure across assigned accounts
  • Lead P1/P2 security incident bridges, coordinating technical response, client communication, and executive reporting simultaneously
  • Drive post-incident RCA and feed findings back into detection rules and runbooks
  • Maintain and continuously improve the SOC runbook library
  • Define and enforce SLA targets for detection, containment, and response

Vulnerability management: Qualys

  • Own the vulnerability management programme: scan scheduling, asset coverage, findings triage, and remediation tracking
  • Configure and govern Qualys scan policies, asset groups, and reporting templates aligned to client risk appetite
  • Produce executive and operational vulnerability reports, translating CVSS scores into prioritised remediation plans
  • Define and enforce vulnerability SLAs by severity tier (Critical, High, Medium)
  • Own the exception register and risk acceptance process
  • Drive continuous improvement of scan coverage: agent deployment gaps, credential scan gaps

Threat detection & platform: Palo Alto XSIAM / Trellix

  • Operate and govern XSIAM as the primary SIEM/SOAR platform: ingestion config, data source onboarding, parser management
  • Build, tune, and maintain detection rules and correlation logic
  • Develop and manage SOAR playbooks for automated response: enrichment, containment, ticketing integration
  • Conduct threat hunting exercises using MITRE ATT&CK as the reference framework
  • Maintain XSIAM dashboards for both operational and executive audiences

Endpoint security: Trellix & Microsoft Defender (MDE)

  • Govern EDR across the estate using Trellix and MDE: coverage, policy compliance, agent health
  • Configure and tune Trellix policies: threat prevention rules, containment actions, SIEM integration
  • Manage MDE deployment: onboarding, alert suppression, custom KQL detection rules
  • Coordinate endpoint isolation, forensic investigation, and remediation workflows
  • Track and report on endpoint protection coverage, driving remediation of gaps

Threat management & intelligence

  • Lead the threat intelligence function: consuming feeds, contextualising IOCs, translating into actionable detections
  • Conduct regular threat landscape reviews and present findings in governance forums
  • Map SOC coverage against MITRE ATT&CK, identifying detection gaps
  • Maintain a threat register with current actor profiles and defensive recommendations

Process design & governance

  • Design, document, and own SOC processes: incident response, vulnerability management, change control, escalation workflows
  • Establish and run monthly SOC governance reviews: SLA performance, incident trends, threat posture
  • Define and track SOC KPIs: MTTD, MTTR, false positive rate, vulnerability remediation SLA compliance
  • Own the SOC tool stack governance: version management, health monitoring, integration integrity

Client engagement & stakeholder management

  • Serve as the primary SOC point of contact for client stakeholders, leading governance calls and QBRs
  • Prepare and present monthly and quarterly SOC reports for both technical and executive audiences
  • Translate complex security findings into clear, risk-contextualised language for C-suite communication
  • Manage client expectations proactively, flagging risks and posture changes before they escalate

Team leadership & cross-functional collaboration

  • Lead and mentor a team of SOC analysts (L1/L2/L3): performance expectations, appraisals, skills development
  • Act as primary escalation point for the team on complex incidents and ambiguous threat scenarios
  • Collaborate with infrastructure, IAM, network, and compliance teams for integrated security coverage
  • Drive a continuous improvement culture: blameless retrospectives, lessons learned, good practice recognition
  • Coordinate with ITSM and change management to ensure security events are correctly tracked and closed

Skills & experience

  • 7+ years in security operations in a managed services or multi-client SOC environment
  • Hands-on Palo Alto XSIAM: rule writing, playbook development, data source integration, threat hunting
  • Strong Trellix knowledge: policy management, EDR configuration, SIEM integration
  • Microsoft Defender for Endpoint (MDE): onboarding, custom KQL detections, incident response
  • Qualys expertise: scan configuration, asset management, vulnerability reporting, remediation governance
  • Threat intelligence capability: IOC analysis, MITRE ATT&CK mapping, threat hunting methodology
  • Strong ITIL process knowledge applied in live operations: incident, problem, change, and service reporting
  • Proven ability to lead client-facing governance sessions and communicate to senior stakeholders
  • Track record of building or improving SOC processes and runbooks

Desirable

  • Certifications: CISSP, CISM, CEH, SC-200, Palo Alto XSIAM specialist
  • SOAR scripting: Python or PowerShell for playbook development
  • Cloud security operations: Azure Sentinel, AWS Security Hub
  • Regulatory framework familiarity: PCI-DSS, SOC 2, ISO 27001

Behavioural competencies

  • Accountability: owns outcomes, not just activities
  • Client orientation: treats operational excellence and client confidence as inseparable
  • Composure under pressure: leads calmly during P1s regardless of client or internal pressure
  • Communication clarity: adjusts depth and tone for engineers, managers, and executives
  • Continuous improvement mindset: treats every incident and process gap as a learning opportunity
  • Collaborative leadership: builds trust across functions through expertise and follow-through

  • Dice Id: 91095471
  • Position Id: 8939956