  • Posted: May 26, 2025
    Deadline: Jun 9, 2025
  • PesaLink begins processing of transactions, providing a long-awaited environment for real-time transfer of funds for customers at various participating banks, enabling immediate value, with same-day settlement capabilities for banks.

     

    SOC Lead Analyst

    Role Summary:

    The SOC Lead Analyst serves as the primary liaison between IPSL and its SOC-as-a-Service provider. They ensure effective 24/7 security monitoring, swift incident response, and efficient threat intelligence sharing. This role is also responsible for leading Level 3 incident response, refining detection use cases, optimizing SIEM rules, and driving continuous improvements in security operations and processes.

    Key Responsibilities:
    SOC Operations Management

    • Oversee day-to-day SOC functions, ensuring that security events are logged, triaged, analyzed, and escalated appropriately.
    • Define and maintain service-level agreements (SLAs) with the SOC provider, reviewing monthly/quarterly performance and reporting metrics.

    Incident Response & Escalation

    • Serve as the first point of escalation for complex or critical security incidents, conducting in-depth investigations and coordinating containment, eradication, and recovery activities.
    • Perform threat hunting, malware analysis, and forensic reviews when unusual behaviors or advanced threats are suspected.

    SIEM & Security Tools Management

    • Manage, tune, and optimize the SIEM platform and other relevant security controls (IDS/IPS, endpoint security, vulnerability scanners, DLP, etc.).
    • Develop and refine detection use cases, correlation rules, dashboards, and alerts to minimize false positives and enable rapid detection of threats.

    Threat Intelligence & Collaboration

    • Integrate threat intelligence feeds and collaborate with external agencies, information sharing groups (ISACs), or regional security bodies to stay ahead of emerging threats.
    • Translate threat intelligence into actionable controls or detection rules within the SOC environment.

    Process & Procedure Development

    • Create and update SOC operational guidelines, playbooks, runbooks, and standard operating procedures (SOPs).
    • Streamline incident handling workflows, ensuring consistency in detection, escalation, and response processes.

    Continuous Improvement

    • Conduct post-incident reviews and root cause analyses to identify opportunities for process enhancements, tool improvements, or control optimizations.

    Team Leadership & Mentoring

    • Provide guidance and mentorship to L1/L2 analysts within the SOC-as-a-Service team, ensuring they are developing and applying best practices in threat analysis and incident response.
    • Champion knowledge-sharing sessions, training, and tabletop exercises to maintain high readiness levels.

    Regulatory & Compliance Alignment

    • Ensure SOC processes align with relevant cybersecurity frameworks, standards, and regulations (PCI DSS, ISO 27001, NIST CSF, CBK Cybersecurity Guidelines).
    • Produce periodic reports demonstrating compliance and the effectiveness of security controls.

    Required skills:

    • Skilled at configuring, managing, and tuning SIEM platforms, IDS/IPS, endpoint security tools, and vulnerability management solutions to detect malicious activity efficiently.
    • Capable of performing in-depth investigations of security incidents, including root cause analysis, containment, eradication, and recovery.
    • Ability to consume and correlate threat intelligence feeds and reports to proactively identify and mitigate emerging threats.
    • Skilled at planning and executing threat-hunting activities to uncover hidden or sophisticated attacks.
    • Deep understanding of common threat vectors (phishing, ransomware, DDoS, web application exploits) and attacker tactics, techniques, and procedures (TTPs). Ability to map incidents and detection efforts against frameworks like MITRE ATT&CK.
    • Experience developing and maintaining SOC playbooks, operational guidelines, and standard operating procedures for incident handling, escalation, and reporting.
    • Competence in leading or participating in post-incident reviews, root cause analyses, and continuous improvement initiatives.
    • Strong communication skills to collaborate effectively with internal teams (e.g., Infrastructure, DevOps, Compliance) and external stakeholders (managed SOC providers, law enforcement).
    • Ability to produce compliance reports and address audit requirements.
    • Keen analytical skills to interpret complex security logs, correlate events across multiple platforms, and draw meaningful insights.

    Qualifications & Experience:

    • Bachelor's degree in Information Security, Cybersecurity, or related field.
    • 5+ years of experience in cybersecurity, with at least 3 years in a SOC environment.
    • Strong knowledge of SIEM, threat intelligence, incident response, and forensic analysis.
    • Experience with payment security, fraud monitoring, and financial sector threats.
    • Certifications such as CISSP, GIAC GCIA/GCIH, or OSCP are a plus.

    Method of Application

    Interested candidates are invited to send their CV and a brief cover letter to hr@ipsl.co.ke by June 9th, 2025.
