Lead SOC Analyst
UFP Industries · Grand Rapids, MI · 1 wk ago
Information TechnologyFull-time
Job Summary
The Lead SOC Analyst is responsible for leading the daily operations of the Security Operations Center (SOC) while actively participating in threat detection, investigation, and response activities. This role operates in a player/coach capacity, balancing hands-on incident response with team leadership, process development, and SOC maturity initiatives.
Principal Duties And Responsibilities
- Act as the senior escalation point for security incidents, providing hands-on investigation and response.
- Perform advanced threat hunting, incident analysis, and root cause determination.
- Lead and coordinate incident response activities across IT, infrastructure, and application teams.
- Validate and enrich alerts generated by internal tools and external MDR provider.
- Ensure timely containment, remediation, and closure of security incidents.
MDR Vendor Management
- Serve as the primary operational liaison with our MDR provider.
- Manage day-to-day interactions including alert triage alignment, escalation handling, and service quality.
- Review MDR detections, investigations, and recommendations for accuracy and relevance.
- Identify and drive improvements in detection coverage, alert fidelity, and response processes.
- Participate in regular service reviews and ensure deliverables meet organizational expectations.
SOCLeading and Team Development
- Provide technical leadership and guidance to SOC analysts.
- Lead daily SOC operations including prioritization of alerts, workload management, and escalation decisions.
- Mentor and develop analysts through coaching, training, and knowledge sharing.
- Establish expectations for investigation quality, documentation, and response timelines.
- Support hiring, onboarding, and skill development of SOC team members.
SOCMaturity and Process Development
- Develop, document, and maintain SOC standard operating procedures (SOPs), playbooks, and runbooks.
- Identify gaps in SOC processes and implement improvements to increase consistency and effectiveness.
- Define and track SOC metrics and KPIs (e.g., MTTR, alert volume, false positives, escalation rates).
- Standardize incident documentation and evidence collection to support audit and compliance requirements.
- Drive continuous improvement initiatives aligned to industry best practices and organizational goals.
Detection Engineering and Monitoring
- Collaborate with engineering and security teams to improve detection logic and use cases.
- Develop and tune detection rules within SIEM, XDR, and MDR platforms.
- Identify gaps in logging and telemetry and work with teams to onboard required data sources.
- Ensure monitoring coverage for systems handling sensitive or critical data.
- Contribute to threat modeling and detection strategy development.
Communication and Stakeholder Engagement
- Communicate security incidents, risks, and trends to technical and non-technical stakeholders.
- Provide clear and concise reporting on incident outcomes and lessons learned.
- Partner with infrastructure, application, and business teams to improve security practices.
- Support audit, compliance, and risk management activities as needed.