Lead SOC Analyst

IFS
$95,000 - $125,000
Hybrid

About The Position

The Security Operations Lead (Lead SOC Analyst) at Copperleaf plays a critical role in protecting our global SaaS platform, internal systems, and customer environments. This role combines deep technical expertise in security operations, detection and response, and enterprise vulnerability management. This individual functions as a technical team lead and senior escalation point, providing direction, mentorship, and operational leadership to a team of SOC analysts while working cross-functionally across Security Architecture, R&D, CloudOps, and IT. While this is not a direct people management role, it requires strong leadership, influence, and accountability for driving operational excellence and team maturity. The role is responsible for developing, enhancing, and executing security operations and vulnerability management capabilities, including building new processes, implementing tools, and contributing to the broader security roadmap.

Requirements

  • 8+ years of experience in security operations, incident response, vulnerability management, or related cybersecurity roles.
  • Demonstrated experience functioning as a technical lead or team lead within a SOC or security operations environment.
  • Strong experience with: Cloud platforms (AWS and Azure), Vulnerability management tools and methodologies, SIEM (Rapid7 preferred), SOAR, EDR/XDR.
  • Deep understanding of: Threat landscape (cloud, SaaS, identity), Vulnerability frameworks (CVSS, MITRE ATT&CK, KEV, OWASP).
  • Experience building or improving security processes, tooling, and operational capabilities.
  • Strong cross-functional collaboration and stakeholder management skills.
  • Proficiency in scripting languages (Python, Bash, PowerShell, JavaScript) and KQL for advanced log analysis.
  • Familiarity with frameworks and regulations relevant to Copperleaf (ISO 27001, SOC 2, NIST CSF, CIS Controls, GDPR).
  • Expertise with Windows, macOS, and Linux systems.

Nice To Haves

  • Preferred certifications include: CISSP (strongly preferred), GIAC certifications (e.g., GCIH, GCED, GDAT), AWS Certified Security – Specialty, AWS Certified Security Engineer – Associate, Microsoft Certified: Azure Security Engineer Associate (AZ-500), Microsoft Certified: Security Operations Analyst (SC-200).

Responsibilities

  • Act as the technical lead and primary escalation point for Security Operations and Vulnerability Management.
  • Provide mentorship and guidance to intermediate analysts, supporting capability development and operational consistency.
  • Drive team maturity, process standardization, and operational excellence across detection, response, and remediation functions.
  • Lead by influence across teams, ensuring alignment without direct reporting authority.
  • Contribute to performance metrics, KPIs, and reporting for leadership visibility.
  • Lead complex investigations across AWS & Azure environments, identity systems, endpoints, and SaaS infrastructure.
  • Oversee incident response activities including containment, remediation, and post-incident analysis.
  • Enhance SOC playbooks, SOPs, and detection logic to improve response efficiency and effectiveness.
  • Drive ongoing improvements in logging, monitoring coverage, and alert fidelity.
  • Lead the end-to-end vulnerability management lifecycle including identification, prioritization, tracking, remediation, and validation across: Cloud environments (AWS, Azure), Applications and SaaS platforms, Infrastructure, endpoints, and third-party systems.
  • Partner with IT, CloudOps, R&D, and Security Architecture to reduce attack surface and ensure timely remediation.
  • Prioritize vulnerabilities based on business risk, exploitability, and threat intelligence (e.g., KEV, CVSS, EPSS).
  • Establish and maintain repeatable, scalable vulnerability management processes and tooling.
  • Develop metrics and reporting on vulnerability posture, remediation SLAs, and risk exposure.
  • Develop and tune detection logic mapped to MITRE ATT&CK across cloud and SaaS environments.
  • Design and implement automation workflows, playbooks, and operational tooling improvements.
  • Evaluate and optimize use of SIEM, EDR/XDR, and cloud-native security tools.
  • Drive continuous improvement through tool rationalization, automation, and innovation initiatives.
  • Track emerging threats relevant to SaaS providers, cloud platforms, Kubernetes, identity infrastructure, and AI‑driven attack techniques.
  • Conduct proactive threat hunting across cloud workloads, identity logs, endpoints, and product telemetry.
  • Collaborate closely with Security Architecture, R&D, CloudOps, IT, and Platform teams.
  • Support secure design, operational visibility, incident readiness, and remediation coordination.
  • Communicate risks, trends, and recommendations to both technical and business stakeholders.

Benefits

  • Flexible paid time off, including sick and holiday
  • Medical, dental, & vision insurance
  • RRSP Company contribution
  • Life insurance and disability benefits
  • Tuition assistance
  • Community involvement and volunteering events