Security Operations Lead

ReplitFoster City, CA
$295,000 - $385,000Hybrid

About The Position

Replit is seeking a Security Operations Lead (SOC Lead) to establish, enhance, and manage its 24/7 detection and response capabilities within a sophisticated cloud-native and AI-driven infrastructure. This leadership position will direct the global SOC operations, encompassing monitoring, SIEM management, detection engineering, alert triage, and ensuring operational readiness. A key aspect of this role involves assessing and integrating cutting-edge AI-powered SOC solutions and autonomous response systems. The lead will oversee monitoring across multiple cloud platforms (primarily GCP, with secondary AWS/Azure), Kubernetes, various SaaS applications, endpoints, developer tools, and AI workloads. Collaboration with Cloud Security, Compliance/GRC, SRE, Platform Engineering, IT/Endpoint teams, and AI Infrastructure is crucial to ensure the detection strategy is scalable and effectively counters evolving threats. This is a hands-on leadership opportunity for an individual eager to shape the future of SOC operations while tackling complex challenges in a high-scale AI environment.

Requirements

  • 7+ years of experience in Security Operations, with 3+ years in a senior or lead capacity.
  • Experience leading or collaborating with 24/7 SOC environments (internal, hybrid, or MSSP).
  • Strong experience with SIEM platforms (Chronicle, Splunk, Elastic, Sentinel, Panther, etc.).
  • Deep understanding of cloud security monitoring (GCP required; AWS/Azure preferred).
  • Deep understanding of SaaS security monitoring (Okta, Google Workspace, GitHub, Slack, etc.).
  • Deep understanding of endpoint security telemetry (EDR/XDR tools such as CrowdStrike, SentinelOne, or Defender).
  • Deep understanding of Kubernetes and container detection.
  • Hands-on detection engineering skills, event correlation, threat hunting, and log analysis.
  • Familiarity with AI-based SOC platforms and LLM-driven detection/triage tools.
  • Strong understanding of identity security, OAuth/OIDC, and API telemetry patterns.
  • Experience with SOAR and scripting (Python, Go, Bash).
  • Knowledge of MITRE ATT&CK, cloud kill chains, behavioral detections, and detection lifecycle management.

Nice To Haves

  • Experience with UBA/UEBA, ML-driven anomaly detection, or autonomous remediation systems.
  • Previous experience at a high-growth tech company.
  • Security certifications (GCIH, GCIA, GCTI, GCDA, GCFA, etc.).

Responsibilities

  • Lead, mentor, and scale a global SOC team responsible for 24/7 monitoring, alert intake, triage, correlation, and escalation.
  • Build operational rigor: processes, runbooks, SLAs, metrics, and quality standards for high-scale environments.
  • Oversee monitoring across cloud infrastructure (GCP, AWS, Azure), Kubernetes/GKE/EKS/AKS clusters, SaaS platforms (Google Workspace, GitHub, Slack, Okta, etc.), endpoints (macOS, Linux, Windows) including EDR/XDR telemetry, developer platforms + CI/CD pipelines, and AI/ML systems and model-serving workflows.
  • Evaluate, adopt, and integrate AI-native SOC technologies for triaging, detection, and correlation.
  • Identify opportunities to automate triage, investigations, enrichment, and reporting.
  • Serve as the internal expert on the capabilities and limitations of AI-based SOC tooling.
  • Own the entire SIEM ecosystem—ingestion, normalization, correlation, enrichment, tuning, dashboards, and metrics.
  • Expand telemetry across cloud logs, API logs, system events, SaaS audit logs and admin events, identity providers (Okta, Google, Azure AD), and endpoint EDR/XDR event streams.
  • Standardize data schemas and improve detection signal quality across sources.
  • Develop high-fidelity detections for cloud-native attacks, identity threats and lateral movement, SaaS misconfigurations and privilege abuse, endpoint malware/behavior anomalies, and insider threats and account takeover patterns.
  • Use MITRE ATT&CK, MITRE Cloud Matrix, and threat intel to drive detection coverage.
  • Collaborate with Engineering, Cloud Security, and SRE to ensure telemetry supports detection use cases.
  • Lead day-to-day triage and threat analysis activities, ensuring accurate categorization and prioritization.
  • Drive complex investigations involving correlated events across cloud, SaaS, endpoints, and developer platforms.
  • Guide root cause analysis and work with owners to drive remediation and architectural improvements.
  • Continuously refine logic, reduce false positives, and improve signal quality.
  • Partner with Cloud Security on cloud posture and preventative controls.
  • Work with Compliance/GRC to support SOC 2, ISO 27001, and audit readiness.
  • Collaborate with SRE and Engineering to instrument new services with structured logs and detection hooks.
  • Coordinate with IT / Endpoint teams to ensure full endpoint telemetry and EDR response readiness.
  • Communicate threats, gaps, and trends to leadership and engineering stakeholders.

Benefits

  • Competitive Salary & Equity
  • 401(k) Program with a 4% match (US Only)
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Flexible Time Off (FTO) + Holidays
  • Commuter Benefits (In-Office Only)
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement (In-Office Only)
  • Quarterly Team Gatherings
  • In Office Amenities (In-Office Only)
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service