SOC Commander (Global)

Remote β€’ Posted 60+ days ago β€’ Updated 14 days ago
Full Time
50% Travel Required
Remote
$160,000 - 180000/yr

Job Details

Skills

  • Security Operations
  • Orchestration
  • Optimization
  • Operational Excellence
  • Mentorship
  • Incident Management
  • Use Cases
  • Threat Analysis
  • SIEM

Summary

SOC Commander (Global)

Location: Remote (Global)
Department: Fusion Center / Security Operations
Reports To: VP, Cybersecurity / CISO

POSITION SUMMARY

The SOC Commander is the global leader responsible for the operational excellence, maturity, and performance of Reveald’s 24x7 Security Operations Center (SOC), which supports MDR, MPDR, and Managed Prevention services across multiple regions. This role oversees distributed SOC teams worldwide—analysts, incident responders, and senior specialists—ensuring consistent, high-fidelity threat detection, investigation, containment, and client communication across all time zones.

The SOC Commander owns the service delivery lifecycle and operational KPIs; drives detection quality and response maturity; and partners tightly with Platform Engineering, Security Automation (SOAR), Data Intelligence, and Customer Success to continually evolve our managed services. This leader must combine deep SOC operations expertise with strong people management, communication, and cross-functional alignment skills.

Ideal candidates bring hands-on MSSP/MDR leadership experience, excellent incident management capabilities, and familiarity with enterprise-scale detection and response technologies—especially CrowdStrike Falcon and LogScale, and Trellix ePO/EDR. They must excel at operationalizing detection content, case handling standards, and customer-facing response at scale.


KEY RESPONSIBILITIES

1. Global SOC Leadership & Service Delivery

  • Lead 24x7 global SOC operations across all tiers and regions, delivering consistent monitoring, triage, investigation, containment, and recovery for multi-tenant clients.

  • Own and continuously improve core SOC performance metrics: MTTD, MTTR, case quality, false positive rate, detection coverage, and CSAT/NPS.

  • Establish, enforce, and mature operational standards including: playbooks, runbooks, case-handling procedures, severity models, escalation paths, and follow-the-sun scheduling.

  • Serve as Global Incident Commander for priority incidents, coordinating cross-functional technical teams and leading executive-level communications to clients.

  • Ensure smooth transitions between global shifts and regions, maintaining operational continuity and service consistency.

2. Detection Quality, Content Governance & Signal Fidelity

  • Direct global detection quality efforts across EDR and SIEM, defining case-quality expectations, investigative standards, and continuous tuning processes.

  • Drive feedback loops from investigations, threat hunts, and client incidents to strengthen detection fidelity.

  • Partner with Engineering and Security Automation to optimize:

    • high-fidelity signal intake,

    • data enrichment,

    • alert routing and correlation, and

    • analyst workflow efficiency.

  • (Preferred) Oversee or contribute to SIEM use-case development, content lifecycle, and modernization of detection frameworks.

3. Threat Hunting Program Development

  • Establish the strategy, operating model, and metrics for Reveald’s threat hunting program globally.

  • Pilot lightweight, hypothesis-driven hunts; scale mature capabilities across regions.

  • Convert hunt findings into durable detections, enriched playbooks, and client-facing insights.

  • Integrate hunt learnings into SOC continuous improvement processes and platform roadmap.

4. Platform, SOAR, and Automation Collaboration

  • Serve as the operational counterpart to Platform Engineering teams who manage and optimize:

    • CrowdStrike Falcon & LogScale

    • Trellix ePO/EDR

    • Additional MDR tooling, threat intel sources, and data pipelines.

  • Collaborate with the SOAR Engineering team (Swimlane) to:

    • identify automation opportunities,

    • reduce analyst toil,

    • streamline case orchestration, and

    • accelerate containment and response actions.

  • Provide SOC operational requirements and feedback to guide automation design, integrations, and data-quality improvements.

5. Client Engagement & Executive Communications

  • Act as the senior SOC point of escalation for client incidents and executive-level conversations.

  • Deliver clear, concise, outcome-driven communications including:

    • incident reports,

    • advisory updates,

    • monthly/quarterly service reviews, and

    • SOC operational metrics aligned to client value.

  • Partner with Customer Success on escalations, onboarding, and continuous improvement engagements.

6. People Leadership & Operational Maturity

  • Recruit, mentor, and retain top SOC talent globally; create development paths and certification tracks for analysts and responders.

  • Manage global scheduling, shift optimization, and workforce planning; ensure world-class 24x7 coverage.

  • Conduct case audits, QA reviews, and coaching sessions to drive consistent, high-quality investigations.

  • Lead capacity modeling, regional expansion planning, and hiring strategies in partnership with VP/CISO and Workforce Management.

MINIMUM QUALIFICATIONS

  • 7+ years in cybersecurity operations with 3+ years directly managing an MSSP/MDR SOC or multi-tenant SOC environment.

  • Proven success leading 24x7 global operations with measurable improvements in detection fidelity, operational efficiency, and MTTR.

  • Hands-on experience operationalizing and/or overseeing:

    • CrowdStrike Falcon (required)

    • CrowdStrike LogScale (required)

    • Trellix ePO/EDR (required)

    • Trellix Helix (ideal but not required)

  • Strong incident management experience coordinating containment, eradication, and recovery across endpoint, identity, email, and cloud.

  • Demonstrated experience building SOC processes including playbooks, case-handling standards, severity models, and escalation workflows.

  • Exceptional written, analytical, and executive communication skills.

  • Proven ability to collaborate effectively with platform engineering, detection engineering, and SOAR/automation teams.

PREFERRED QUALIFICATIONS

  • Experience with one or more:

    • CrowdStrike NG-SIEM

    • Trellix Helix

    • Splunk ES

    • Microsoft Defender (MDE/MDO/MDI)

    • Microsoft Sentinel

  • Experience with SOAR platforms (Swimlane, Falcon Fusion, Splunk SOAR, Sentinel).

  • Experience designing or governing SIEM detection content and lifecycle.

  • Exposure to multi-cloud environments (AWS, Azure, Google Cloud Platform) and identity-centric detections (Entra ID/AAD, Okta).

  • Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).

  • Relevant certifications: CISSP, GCIH, GCIA, GCFA, GMON, GCED, CrowdStrike/Trellix/Microsoft certifications.

SUCCESS METRICS (First 6–12 Months)

  • Reduced MTTR, false positives, and case-handling variability while increasing detection coverage and fidelity.

  • Fully documented and matured IR playbooks for top threat scenarios (EDR, identity attacks, ransomware, BEC, privilege misuse).

  • Launched and operationalized a scalable, hypothesis-driven threat hunting program.

  • Delivered automation enhancements (in partnership with Engineering and SOAR) that materially reduce analyst workload and accelerate response.

  • Achieved strong CSAT/NPS scores across incidents, onboardings, and QBRs, with improved case audit scores and analyst performance.

COMPENSATION & BENEFITS

Reveald offers a competitive global compensation package designed to support you and your family. Benefits include:

  • Competitive salary and performance-based bonus

  • Comprehensive health, dental, and vision plans

  • Company-paid life and disability coverage

  • 401(k) with generous company match

  • Flexible PTO and paid holidays

  • Remote-first culture with high collaboration

  • Opportunities for professional development, training, and certification support

  • Occasional travel for team meetings, client workshops, and priority incidents

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: PTPSNZfzpCfNKea
  • Position Id: R2312382393