OAX - Head of Security Operations Center (SOC) - Job2178

OAX - Head of Security Operations Center (SOC) - Job2178 Summary OAX is seeking a seasoned and dynamic Head of Security Operations Center (SOC) to lead and scale our managed security operations. This pivotal leadership role is responsible for overseeing 24/7 SOC functions, including monitoring, detection engineering, threat hunting, incident response, and customer reporting. The ideal candidate will build a high‑trust, inclusive SOC culture, develop and execute multi‑year strategies aligned with OAX’s business goals, and manage a team of skilled security professionals. This role demands a hands‑on leader with strong technical expertise, excellent communication skills, and the ability to collaborate across Engineering, Sales, and Customer Success teams to innovate and enhance our security offerings. The Head of SOC will also engage directly with clients and executives during major incidents, ensuring OAX maintains its reputation as a trusted security partner. Responsibilities Strategic Leadership Define and execute a multi‑year SOC strategy aligned to OneAxiom’s growth objectives, customer needs, and service roadmap (people, process, and technology). Translate strategy into quarterly operating plans, goals, and investments. Operational Excellence Directly oversee 15–30 security professionals across SecOps functions. Ensure reliable 24/7 operations, high signal‑to‑noise alerting, proactive hunting, and effective incident handling. Establish and maintain robust intake, triage, escalation, and communications workflows. Drive coverage‑focused detections across our solution; reduce false positives via tunings and automation. Lead from the front—be willing to jump yourself when the situation calls for it, setting the example of a hands‑on, player‑coach leader. Standard Operating Procedures (SOPs) & Playbooks Develop and maintain SOC Standard Operating Procedures (SOPs) that enable consistent execution (escalation paths, severity classifications, ticketing standards, and QA). Create and continuously enhance response playbooks mapped to MITRE ATT&CK; ensure alignment with current cyber threat intelligence (CTI) and emerging trends. Talent Development Recruit, develop, and retain top SOC talent; build clear career paths and training programs. Cultivate a high‑performance culture emphasizing craftsmanship, curiosity, and teamwork. Additional Responsibilities Partner with Engineering and Sales to design, pilot, and launch new managed security offerings. Evaluate and manage vendors; measure ROI and drive standardization where applicable. Build trusted relationships with client security leaders. Ensure the SOC’s TAMs conduct executive briefings and reviews that communicate risk reduction and measurable value. Ensure tailored reporting and actionable recommendations that strengthen client security posture. Own SOC budgeting and capacity planning; optimize costs while meeting SLAs and quality standards. Oversee vendor relationships for tooling, threat intel, and services. Metrics & KPIs Define and manage data‑driven KPIs (e.g., MTTA/MTTD/MTTR, SLA attainment, MTTR). Align SOC processes with relevant frameworks for our Ideal Customer Profile (e.g., NIST CSF, ISO 27001) and support audits as needed. Ensure evidencing, logging, and documentation standards support compliance and customer requirements. Requirements Education: Bachelor’s degree in Information Security, Computer Science, Engineering, or related field preferred. Experience: 7+ years of experience in Security Operations or Managed Security Services, including leadership of SOC or IR teams. Proven ability to scale SOC operations and build high‑performing teams and culture. Demonstrated success managing budgets, vendors, and executive communications. Skills & Competencies: Strong executive presence; excellent written and verbal communication skills with C‑suite stakeholders and technical audiences. Systems thinker with bias for action – able to convert strategy into operating plans, playbooks, and measurable outcomes. People‑first leader who coaches, mentors, and builds teams. Technical Proficiencies: Deep knowledge of SIEM, EDR, CTI, SOAR, and IR methodologies. Hands‑on familiarity with tools such as: Elastic/Splunk/OpenSearch/Microsoft Sentinel; CrowdStrike/Defender/SentinelOne; cloud logging (AWS/Azure/GCP); ticketing and knowledge systems. Understanding of log pipelines, detection engineering, and MITRE ATT&CK mapping. Nice‑to‑Have Skills Certifications such as CISSP, GCIA, GCIH, GCFA/GCFR, GCTI, GMON, or comparable experience. Experience with regulated industries (e.g., financial services, healthcare) and customer audits. Background in building revenue‑adjacent SOC services (e.g., new managed detections, assessments, or response offerings). #J-18808-Ljbffr