Jobs · Management · California

Security Operations Lead

Replit · Foster City, CA · 3 days ago
HybridManagement$295k–$385k/yrFull-time

About the role

The Security Operations Lead (SOC Lead) will build, mature, and operate our 24/7 detection and response capabilities across a modern cloud-native and AI-driven environment. This role leads the global SOC function, covering monitoring, SIEM ownership, detection engineering, alert triage, and operational readiness, while also evaluating and integrating emerging AI-based SOC products and autonomous response platforms.

Responsibilities

  • Lead the global SOC team responsible for 24/7 monitoring, alert intake, triage, correlation, and escalation.
  • Mentor and scale a global SOC team.
  • Build operational rigor: processes, runbooks, SLAs, metrics, and quality standards for high-scale environments.
  • Cover monitoring across: Cloud infrastructure (GCP, AWS, Azure), Kubernetes/GKE/EKS/AKS clusters, SaaS platforms (Google Workspace, GitHub, Slack, Okta, etc.), endpoints (macOS, Linux, Windows) including EDR/XDR telemetry, developer platforms + CI/CD pipelines, AI/ML systems and model-serving workflows.
  • Evaluate, adopt, and integrate AI-native SOC technologies for triaging, detection, and correlation.
  • Identify opportunities to automate triage, investigations, enrichment, and reporting.
  • Serve as the internal expert on the capabilities and limitations of AI-based SOC tooling.
  • Own the entire SIEM ecosystem—ingestion, normalization, correlation, enrichment, tuning, dashboards, and metrics.
  • Expand telemetry across: Cloud logs, API logs, system events, SaaS audit logs and admin events, Identity providers (Okta, Google, Azure AD).
  • Develop high-fidelity detections for: Cloud-native attacks, identity threats and lateral movement, SaaS misconfigurations and privilege abuse, endpoint malware/behavior anomalies, insider threats and account takeover patterns.
  • Collaborate with Engineering, Cloud Security, and SRE to ensure telemetry supports detection use cases.
  • Triage, threat analysis & escalation: Lead day-to-day triage and threat analysis activities, ensuring accurate categorization and prioritization. Drive complex investigations involving correlated events across cloud, SaaS, endpoints, and developer platforms. Guide root cause analysis and work with owners to drive remediation and architectural improvements.
  • Continuously refine logic, reduce false positives, and improve signal quality.
  • Cross-functional collaboration: Partner with Cloud Security on cloud posture and preventative controls. Work with Compliance/GRC to support SOC 2, ISO 27001, and audit readiness. Collaborate with SRE and Engineering to instrument new services with structured logs and detection hooks. Coordinate with IT / Endpoint teams to ensure full endpoint telemetry and EDR response readiness. Communicate threats, gaps, and trends to leadership and engineering stakeholders.

Required Skills & Experience

  • 7+ years of experience in Security Operations, with 3+ years in a senior or lead capacity.
  • Experience leading or collaborating with 24/7 SOC environments (internal, hybrid, or MSSP).
  • Strong experience with SIEM platforms (Chronicle, Splunk, Elastic, Sentinel, Panther, etc.).
  • Deep understanding of: Cloud security monitoring (GCP required; AWS/Azure preferred), SaaS security monitoring (Okta, Google Workspace, GitHub, Slack, etc.), Endpoint security telemetry (EDR/XDR tools such as CrowdStrike, SentinelOne, or Defender), Kubernetes and container detection.
  • Hands-on detection engineering skills, event correlation, threat hunting, and log analysis.
  • Familiarity with AI-based SOC platforms and LLM-driven detection/triage tools.
  • Strong understanding of identity security, OAuth/OIDC, and API telemetry patterns.
  • Experience with SOAR and scripting (Python, Go, Bash).
  • Knowledge of MITRE ATT&CK, cloud kill chains, behavioral detections, and detection lifecycle management.

Preferred Qualifications

  • Experience with UBA/UEBA, ML-driven anomaly detection, or autonomous remediation systems.
  • Previous experience at a high-growth tech company.
  • Security certifications (GCIH, GCIA, GCTI, GCDA, GCFA, etc.).

Similar jobs

Security Operations Lead

AIS (Applied Information Sciences)Alexandria, VA· 1 mo ago
Management$138k–$209k/yrapply on appliedis.wd5.myworkdayjobs.com

Security Officer Lead

Dignity HealthSacramento, CA· 3 days ago
Information Technology$27.25–$31.93/hrapply on commonspirit.careers