About the Role
The Tier 3 Incident Responder Lead plays a critical role within the Security Operations Centre (SOC), serving as the lead escalation point for incidents handed over from the Managed Security Service (MSS) Tier 1 and Tier 2 teams. Operating under the direction of SOC leadership, the role is accountable for leading complex incident investigations, coordinating containment and remediation activities, and ensuring lessons learned are integrated back into SOC operations across both enterprise systems and supercomputing (HPC) environments.
Responsibilities
Lead and coordinate response efforts for complex and major incidents escalated to Tier 3 across HPC / supercomputing systems and enterprise platforms.
Conduct deep forensic and log analysis on supercomputer workloads, cluster nodes, and Slingshot / interconnect networks to determine root cause and containment strategy.
Provide expert recommendations for containment, eradication, and remediation, including APT-related activity.
Ensure accurate and timely escalation to SOC leadership, CISO, HPC operations and other stakeholders.
Guide staff to proactively identify, prevent, and respond to security incidents.
Coordinate, follow up on, and elevate complex or major incidents within the SOC team.
Provide technical supervision to the SOC team, manage the escalation process, and review incident reports.
Assist in the development and execution of crisis communication plans to CISO and other stakeholders.
Coordinate with and provide expert technical support to enterprise-wide technicians and staff to resolve confirmed incidents.
Work with CTI teams to enrich HPC-specific threat models and validate indicators of compromise (IOCs) unique to research workloads and high-performance clusters.
Collaborate with the cyber threat intelligence (CTI) team to validate IOCs, profile threat actors, and improve detection capabilities.
Continuously monitor emerging threats and recommend tuning or adjustments to SOC processes and tools.
Conduct in-depth cybersecurity analysis and correlate large datasets to troubleshoot incidents and recommend expedited remediation.
Recommend optimizations to security-monitoring tools based on threat-hunting discoveries and assist in threat actor profiling.
Identify and integrate indicators of compromise (IOCs) into security tools and applications to enhance detection.
Conduct security tool / application tuning engagements to reduce false positives and enhance alerting effectiveness.
Develop advanced threat modelling techniques and construct advanced SIEM use cases.
Assist with tabletop exercises and crisis simulations to validate incident response readiness.
Contribute to the refinement of SOC playbooks, incident handling guidelines, and escalation procedures (with engineering responsible for tool development).
Participate in reviews of incident reports, ensuring quality, accuracy, and actionable recommendations.
Provide input to SOC metrics, KPIs, and compliance reporting to demonstrate operational value.
Document, develop, and enhance operational guidelines.
Develop and maintain KPI reports on service and solution performance.
Generate compliance reports, support audit processes, and measure SOC performance metrics to communicate value to business leaders.
Report common and recurring problems identified through trend analysis to SOC management and propose process or technical enhancements.
Demonstrate the ability to perform in-depth incident analysis and provide detailed root cause identification.
Support SOC leadership in developing metrics, KPIs, and compliance reports to demonstrate security assurance across enterprise and HPC domains.
Coach and mentor junior SOC analysts, including new joiners and graduates.
Share advanced technical expertise and guide team members through escalated incidents.
Support knowledge transfer activities within the SOC.
Ensure the quality of technical advisories and assessments released from the SOC.
Communicate incident status, impact, and response activities to senior stakeholders with influence and clarity.
Collaborate with security architects, CTI, and assessment teams to ensure incident findings feed into long-term improvements.
Participate in security workshops and exercises with internal teams and customers to uplift SOC capability and assurance.
Maintain close collaboration during new projects with security architects and specialists to implement security recommendations.
Collaborate closely with the dedicated KAUST CSOC / CDC Account Manager to meet customer security expectations.
Lead security workshops with KAUST CSOC / CDC customers during onboarding sessions.
Cultivate relationships with industry partners and customers to ensure monitoring compliance and seamless incident response.
Play a significant role in long-term SOC strategy and planning, focusing on operational excellence initiatives.
Qualifications
Bachelor’s degree in Computer Science, Information Security, or a related field.
Industry certifications such as SANS / GIAC (GCFA, GCIH, GCIA), CISSP, OSCP, or equivalent.
Experience in conducting tabletop exercises and training SOC teams.
Scripting or automation skills (Python, PowerShell, KQL) to assist in advanced analysis and threat hunting.
Required Skills
Demonstrated experience leading major incident response investigations within a SOC or enterprise environment.
Strong knowledge of incident response methodologies, threat hunting, and CTI integration.
Proven ability to investigate complex incidents across large-scale systems, including correlation of logs and datasets from HPC clusters and enterprise networks.
Experience providing technical leadership and mentoring within SOC teams.
Hands-on experience with cloud and security tooling (e.g., SIEM, SOAR, EDR, vulnerability management, AWS, Azure, O365).
Strong communication and stakeholder management skills.
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Industries
Information Services
Location
Jiddah, Makkah, Saudi Arabia