SOC Architecture lead

About The Position

Requirements

• Active Government of Canada Secret clearance (or eligibility)
• 15+ years of experience in information/cybersecurity with focus on SOC services and detection and response capabilities
• Proven experience in Security Operations, SOC Engineering, or SOC Architecture
• Significant hands-on experience with Elastic Security / ELK stack (SIEM, XDR, EDR)
• Experience leading end-to-end SOC or SIEM implementation programs
• Strong understanding of: Detection engineering and use case development, Telemetry ingestion and data pipelines, SOAR platforms, Threat intelligence platforms, Case management and investigation tooling, SOC processes (monitoring, triage, investigation, response)
• Experience managing delivery teams and client engagements
• Technical expertise in SIEM and Elastic Security (ELK stack)
• Proven ability to lead complex SOC design and build engagements
• Strong delivery ownership with accountability for outcomes, timelines, and quality
• Experience influencing client stakeholders at senior and executive levels
• Ability to balance architectural rigor with practical delivery execution

Nice To Haves

• Experience delivering SOC solutions across multiple industries or large enterprises
• Strong executive communication and stakeholder management skills
• Experience in consulting or managed security services environments

Responsibilities

• Own end-to-end SOC architecture and delivery across client engagements—from strategy and design through build, deployment, and transition to operations
• Lead SIEM architecture and implementation, specifically leveraging Elastic Security (ELK stack)
• Define and implement: Log ingestion and data pipelines, Detection use cases and correlation logic, Dashboards, alerting models, and reporting frameworks
• Drive integration of SIEM with broader security ecosystem, including: XDR and EDR platforms, SOAR and case management systems, Threat intelligence platforms
• Lead delivery team (architects, engineers, analysts) across complex SOC programs
• Ensure delivery quality, timelines, and budget adherence for SIEM/SOC design and implementation milestones
• Provide hands-on guidance and oversight on technical build activities
• Act as escalation point for technical and delivery challenges
• Serve as trusted advisor to client security leadership (CISO, VP Security, SOC leadership)
• Translate business, risk, and compliance requirements into scalable SOC solutions
• Present architecture, solution approaches, and delivery updates to senior stakeholders
• Define SOC operating models and maturity roadmaps
• Lead initiatives to improve detection, response, and SOC efficiency
• Establish standards and best practices for detection engineering and SOC operations
• Align solutions with industry frameworks and regulatory requirements

Benefits

• Information on benefits is here.