Role: Security Operations Center Lead (Onshore)
12 Months + possible extension
Irvine, CA (Orange County area).
Overview
The Security Operations Center Lead (Onshore) is responsible for managing and enhancing the organization's Security Operations Center (SOC) and related cybersecurity functions. This role leads a team of offshore SOC analysts to detect, investigate, and respond to security incidents while driving continuous improvements in tools, processes, and team capabilities. The Security Operations Lead (Onshore) ensures alignment with business objectives, risk management, and compliance requirements.
Key Responsibilities
- Lead and collaborate with offshore SOC analysts and incident responders, managing daily monitoring, triage, and escalation processes.
- Manage 24x7 operational coverage by the MSSP and ensure adherence to SLAs and response timelines.
- Oversee operation and optimization of SIEM, SOAR, and endpoint detection/response (EDR) platforms.
- Direct incident detection, investigation, and coordinated response across IT and business units.
- Coordinate incident analysis, containment, eradication, and recovery activities.
- Serve as the escalation point for critical security events and executive communications.
- Develop and maintain incident response playbooks and ensure integration with IR, vulnerability management, and threat hunting programs.
- Collaborate with the IR and IT teams to ensure forensic evidence handling and post-incident reviews.
- Lead threat hunting, forensic investigations, and root-cause analysis to prevent recurrence of incidents.
- Collaborate with governance, risk, and compliance (GRC) teams to meet regulatory and framework requirements (e.g., NIST CSF 2.0, ISO 27001, NYCRR 500).
- Develop, maintain, and report security metrics and dashboards (MTTD, MTTR, incident trends) for executive leadership and risk committees.
- Drive continuous improvement by evaluating tools, automation, and processes to strengthen SOC maturity.
Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, or equivalent experience.
- 10+ years in cybersecurity, with at least 5 years in SOC/security operations leadership.
- Strong knowledge of SIEM, SOAR, EDR, IDS/IPS, and cloud monitoring tools.
- Familiarity with industry frameworks (NIST CSF 2.0, MITRE ATT&CK).
- Excellent leadership, communication, and stakeholder management skills.
- Ability to translate technical risks into business impact.
- Preferred certifications: CISSP, CISM, GCIH, GCFA, or equivalent.
- Strong skills in both spoken and written communication.
Success Metrics
- Reduced mean time to detect (MTTD) and mean time to respond (MTTR); true-positive to false-positive ratio, incident closure rate within SLA, SOC tool uptime, and data coverage.
- Improved SOC maturity and automation capabilities.
- Strong cross-team collaboration and stakeholder satisfaction.
- High team performance, engagement, and professional development.