Hi
Please share your updated resume with divya.c@itechus.net
Job Description:
Role: Technical SOC Lead
Location: San Jose, CA or Palo Alto, CA or any TCS-specified office / Hybrid role
Type: Contract
The Technical SOC Lead is the senior technical authority within the Security Operations Centre, responsible for advanced incident response, SIEM engineering, detection engineering automation, threat hunting, and overall platform maturity. This role acts as the technical escalation point for L1/L2/L3 analysts and drives the technical roadmap for improving detection capability, reducing false positives, and strengthening cyber defense.
Key Responsibilities:
- Lead end-to-end response for high-severity security incidents (malware, phishing, identity compromise, privilege misuse, lateral movement, cloud breaches).
- Lead L1, L2, and L3 SOC teams to ensure 24x7 monitoring, analysis, and response.
- Oversee BAU operations including ticket management, SLA tracking, shift governance, dashboards, and reporting.
- Perform deep-dive investigations using SIEM, EDR, logs, memory analysis, and network telemetry.
- Define containment and eradication actions and coordinate with Infrastructure, Network, and Cloud teams.
- Lead root cause analysis (RCA) with actionable remediation steps.
- Develop and continuously improve incident response playbooks.
- Monitor and integrate new log sources (cloud, network, identity, endpoint, SASE/ZTNA, application logs).
- Create and tune correlation rules and use cases mapped to MITRE ATT&CK.
- Reduce false positives by tuning rules, data normalization, suppression logic, and enrichment.
- Lead post-incident reviews and implement corrective actions.
- Ensure parsing, field extraction, UDM/CEF mappings, and data quality validation.
- Handle customer interactions, weekly governance decks, KPI/KRI reporting, and monthly service reviews.
Thanks,
Divya