SOC Architect at T.O.N Corporate Services

Job Description

• The SOC Architect is responsible for designing, building, and optimizing the Security Operations Center (SOC) architecture, ensuring it delivers effective detection, response, and resilience against cyber threats.
• Also serve as the technical authority for SOC design and play a key role in advancing automation, orchestration, and scalability for both current and future security operations.
• The SOC Architect also provide leadership in client solutioning, SOC employee development, and knowledge transfer to ensure a high-performing and client-centric SOC.

Responsibilities

• Design and implement the overall architecture of the SOC, including SIEM, SOAR, log sources, threat intelligence feeds, and incident response workflows.
• Define the technical roadmap for SOC platforms and tools to support evolving business and security needs.
• Ensure seamless integration of detection, monitoring, and response technologies (e.g., SIEM, SOAR, EDR/XDR, NDR, UEBA, TIP).
• Oversee the onboarding and configuration of log sources, network sensors, and security tools into SOC platforms.
• Develop and optimize correlation rules, detection use cases, and dashboards to improve threat visibility.
• Drive automation and orchestration initiatives to streamline incident response, case management, and reporting.
• Continuously assess and enhance SOC performance, ensuring scalability and efficiency.
• Collaborate with SOC analysts and incident responders to design effective playbooks and escalation paths.
• Align SOC capabilities with MITRE ATT&CK, NIST, ISO 27035, and other relevant frameworks.
• Integrate threat intelligence sources into SOC workflows to improve proactive threat hunting.
• Ensure SOC architecture supports compliance requirements (e.g., GDPR, PCI DSS, ISO 27001, NIST CSF).
• Establish security logging, monitoring, and response policies and ensure adherence across systems.
• Partner with internal audit, risk, and compliance teams to ensure SOC meets regulatory and contractual obligations.
• Serve as the technical SME for SOC design during client engagements, pre-sales meetings, workshops, and RFP responses.
• Provide technical leadership, mentorship, and training to SOC analysts and engineers, ensuring continuous capability development.
• Oversee SOC team management, fostering a culture of accountability, collaboration, and continuous improvement.
• ​Represent the SOC in executive updates, board presentations, and client-facing reviews.

Requirements

• Bachelor’s Degree in Computer Science, Information Security, or related field (Master’s preferred).
• 10 - 14 years’ experience in Security Operations and SOC engineering/architecture.
• Strong expertise with SIEM (e.g., Splunk, QRadar, Sentinel, Elastic), SOAR (e.g., Palo Alto Cortex XSOAR, Splunk SOAR), and EDR/XDR platforms.
• Hands-on experience with log management, data normalization, correlation rule creation, and advanced analytics.
• Solid understanding of cloud security monitoring (AWS, Azure, GCP).
• Familiarity with scripting and automation (Python, PowerShell, API integrations).
• Relevant certifications such as GIAC GCIA/GCDA, CISSP, CCSP, Splunk Architect, Microsoft Sentinel, or equivalent are highly desirable.