SOC Architect

Mission / Purpose of the Job :

Responsible for designing, building, and optimizing the Security Operations Center (SOC) architecture, ensuring it delivers effective detection, response, and resilience against cyber threats. Serve as the technical authority for SOC design and play a key role in advancing automation, orchestration, and scalability for both current and future security operations. Provide leadership in client solutioning, SOC employee development, and knowledge transfer to ensure a high-performing and client-centric SOC.

Job Responsibilities& Requirements

Bachelor’s degree in computer science, Information Security, or related field (Master’s preferred).

Minimum 10 - 14 years’ experience in Security Operations and SOC engineering / architecture.

Hands-on experience with log management, data normalization, correlation rule creation, and advanced analytics..

Solid understanding of cloud security monitoring (AWS, Azure, GCP).

Strong expertise with SIEM (e.g., Splunk, QRadar, Sentinel, Elastic), SOAR (e.g., Palo Alto Cortex XSOAR, Splunk SOAR), and EDR / XDR platforms.

Familiarity with scripting and automation (Python, PowerShell, API integrations).

Relevant certifications such as GIAC GCIA / GCDA, CISSP, CCSP, Splunk Architect, Microsoft Sentinel, or equivalent are highly desirable.

Design and implement the overall architecture of the SOC, including SIEM, SOAR, log sources, threat intelligence feeds, and incident response workflows.

Define the technical roadmap for SOC platforms and tools to support evolving business and security needs.

Ensure seamless integration of detection, monitoring, and response technologies (e.g., SIEM, SOAR, EDR / XDR, NDR, UEBA, TIP).

Oversee the onboarding and configuration of log sources, network sensors, and security tools into SOC platforms.

Develop and optimize correlation rules, detection use cases, and dashboards to improve threat visibility.

Drive automation and orchestration initiatives to streamline incident response, case management, and reporting.

Continuously assess and enhance SOC performance, ensuring scalability and efficiency.

Collaborate with SOC analysts and incident responders to design effective playbooks and escalation paths.

Align SOC capabilities with MITRE ATT&CK, NIST, ISO 27035, and other relevant frameworks.

Integrate threat intelligence sources into SOC workflows to improve proactive threat hunting.

Ensure SOC architecture supports compliance requirements (e.g., GDPR, PCI DSS, ISO 27001, NIST CSF).

Establish security logging, monitoring, and response policies and ensure adherence across systems.

Partner with internal audit, risk, and compliance teams to ensure SOC meets regulatory and contractual obligations.

Serve as the technical SME for SOC design during client engagements, pre-sales meetings, workshops, and RFP responses.

Provide technical leadership, mentorship, and training to SOC analysts and engineers, ensuring continuous capability development.

Oversee SOC team management, fostering a culture of accountability, collaboration, and continuous improvement.

Represent the SOC in executive updates, board presentations, and client-facing reviews.