OAX – Head of Security Operations Center (SOC) – Job2178
Summary
OAX is seeking a seasoned and dynamic Head of Security Operations Center (SOC) to lead and scale our managed security operations. This pivotal leadership role is responsible for overseeing 24/7 SOC functions, including monitoring, detection engineering, threat hunting, incident response, and customer reporting. The ideal candidate will build a high-trust, inclusive SOC culture, develop and execute multi-year strategies aligned with OAX’s business goals, and manage a team of skilled security professionals. This role demands a hands-on leader with strong technical expertise, excellent communication skills, and the ability to collaborate across Engineering, Sales, and Customer Success teams to innovate and enhance our security offerings. The Head of SOC will also engage directly with clients and executives during major incidents, ensuring OAX maintains its reputation as a trusted security partner.
Responsibilities
Strategic Leadership
- Define and execute a multi-year SOC strategy aligned to OneAxiom’s growth objectives, customer needs, and service roadmap (people, process, and technology).
- Translate strategy into quarterly operating plans, goals, and investments.
Operational Excellence
- Directly oversee 15–30 security professionals across SecOps functions.
- Ensure reliable 24/7 operations, high signal-to-noise alerting, proactive hunting, and effective incident handling.
- Establish and maintain robust intake, triage, escalation, and communications workflows.
- Drive coverage-focused detections across our solution; reduce false positives via tunings and automation.
- Lead from the front: be willing to jump in yourself when the situation calls for it, setting the example of a hands-on, player-coach leader.
Standard Operating Procedures (SOPs) & Playbooks
- Develop and maintain SOC Standard Operating Procedures (SOPs) that enable consistent execution (escalation paths, severity classifications, ticketing standards, and QA).
- Create and continuously enhance response playbooks mapped to MITRE ATT&CK; ensure alignment with current cyber threat intelligence (CTI) and emerging trends.
Talent Development
- Recruit, develop, and retain top SOC talent; build clear career paths and training programs.
- Cultivate a high-performance culture emphasizing craftsmanship, curiosity, and teamwork.
Tools & Service Innovation
- Partner with Engineering and Sales to design, pilot, and launch new managed security offerings.
- Evaluate and manage vendors; measure ROI and drive standardization where beneficial.
Customer Engagement
- Build trusted relationships with client security leaders.
- Ensure the SOC’s TAMs conduct executive briefings and reviews that communicate risk reduction and measurable value.
- Ensure tailored reporting and actionable recommendations that strengthen client security posture.
Financial Management
- Own SOC budgeting and capacity planning; optimize costs while meeting SLAs and quality standards.
- Oversee vendor relationships for tooling, threat intel, and services.
Metrics & KPIs
- Define and manage data-driven KPIs (e.g., MTTA/MTTD/MTTR, SLA attainment, detection coverage, false-positive rate, automation rate).
Compliance, Risk & Governance
- Align SOC processes with relevant frameworks for our Ideal Customer Profile (e.g., NIST CSF, ISO 27001) and support audits as needed.
- Ensure evidencing, logging, and documentation standards support compliance and customer requirements.
Requirements
- Education: Bachelor’s degree in Information Security, Computer Science, Engineering, or related field preferred.
- Experience: 7+ years of experience in Security Operations or Managed Security Services, including leadership of SOC or IR teams.
- Proven ability to scale SOC operations and build high-performing teams and culture.
- Demonstrated success managing budgets, vendors, and executive communications.
- Skills & Competencies: Strong executive presence; excellent written and verbal communication skills with C‐suite stakeholders and technical audiences.
- Systems thinker with bias for action – able to convert strategy into operating plans, playbooks, and measurable outcomes.
- People-first leader who coaches, mentors, and builds teams.
- Technical Proficiencies: Deep knowledge of SIEM, EDR, CTI, SOAR, and IR methodologies.
- Hands-on familiarity with tools such as: Elastic/Splunk/OpenSearch/Microsoft Sentinel; CrowdStrike/Defender/SentinelOne; cloud logging (AWS/Azure/GCP); ticketing and knowledge systems.
- Understanding of log pipelines, detection engineering, and MITRE ATT&CK mapping.
Nice-to-Have Skills
- Certifications such as CISSP, GCIA, GCIH, GCFA/GCFR, GCTI, GMON, or comparable experience.
- Experience with regulated industries (e.g., financial services, healthcare) and customer audits.
- Background in building revenue-adjacent SOC services (e.g., new managed detections, assessments, or response offerings).
