Job description

The SOC Team Leader within the Cyber Security Department in Riyadh, Saudi Arabia is responsible for leading Security Operations Center (SOC) operations to detect, investigate, and respond to cybersecurity incidents while improving monitoring capabilities, processes, and tool effectiveness. The role involves operational leadership, incident response management, threat hunting, threat intelligence utilization, and cross-functional coordination with IT, engineering, risk, compliance, and business teams. The position requires oversight of day-to-day SOC operations including alert monitoring, triage, investigation, escalation, and incident response according to defined SLAs and incident classification procedures. The SOC Team Leader maintains and improves detection capabilities by tuning SIEM rules, integrating telemetry sources, validating alerts, and optimizing EDR platforms, network detection tools, cloud security tools, and threat intelligence solutions. The role involves proactive threat hunting, identifying attacker behaviors, analyzing emerging risks, and implementing detection and prevention improvements. Responsibilities include developing and maintaining runbooks, playbooks, escalation paths, and SOC operational processes to ensure repeatable and auditable incident handling. The role also involves producing operational and executive reporting using SOC metrics such as MTTR, MTTD, alert volumes, false positive rates, and incident trends. The SOC Team Leader manages vendor relationships, integrates MDR solutions, ensures regulatory compliance, participates in audits, and supports hybrid, cloud, and on-premises environments including AWS, Azure, and GCP while improving SOC operational workflows and automation.