Team Lead, Security Operations Center
Remote
Full Time
Mid Level
This is a fully remote position
This position will participate in an on-call rotation
PURPOSE
The Team Lead, Security Operations is a hands-on technical leader responsible for directing a team of analysts and engineers to deliver advanced threat detection, hunting, response, and automation capabilities across cloud and hybrid environments. This role balances tactical execution and strategic enablement—leveraging Microsoft’s security stack, SOAR, scripting, and threat intelligence to drive operational maturity and reduce risk.
You will serve as a senior escalation point during high-severity incidents, while also guiding proactive initiatives such as detection engineering, threat hunting, incident response, and automation development. This role requires deep technical expertise, strong scripting skills, and a passion for mentoring others in SOC operations.
RESPONSIBILITIES
SOC Operations & Incident Response
- Lead and support investigations of complex security incidents, ensuring rapid containment and accurate root cause analysis.
- Coordinate cross-functional response efforts and act as escalation point for high-impact incidents.
- Perform forensics on endpoints, cloud services, and email systems using tools like Microsoft Defender, Purview, and Sentinel.
- Drive development and refinement of response playbooks to standardize and accelerate incident handling.
- Lead proactive threat hunting efforts using Microsoft Sentinel, KQL, and telemetry from Microsoft Defender tools to identify unknown threats.
- Build custom queries and hunting workbooks to surface suspicious behaviors across endpoints, identities, and cloud workloads.
- Integrate threat intelligence feeds (e.g., Microsoft TI, MISP, open source) into Sentinel for contextual enrichment and proactive detection.
- Collaborate with intelligence teams to translate emerging threat TTPs into detection logic, hunting hypotheses, and incident playbooks.
- Stay current with MITRE ATT&CK techniques, APT group activity, and 0-day threats to inform detection and hunting strategies.
- Design and implement SOAR playbooks in Microsoft Sentinel (Logic Apps) to automate enrichment, containment, and notification actions.
- Build and maintain custom tools/scripts using Python and PowerShell to automate data collection, alert triage, and response actions.
- Develop CI/CD pipelines to deploy and manage Sentinel content (KQL rules, watchlists, workbooks, playbooks) at scale.
- Continuously evaluate opportunities to integrate AI/ML to automate anomaly detection and alert triage.
- Develop, tune, and manage analytic rules in Microsoft Sentinel to ensure timely, high-fidelity detections.
- Write and maintain SOC runbooks and playbooks that align with NIST, MITRE, and industry best practices.
- Design custom detection logic for emerging threats, based on threat intelligence and internal findings.
- Maintain detection coverage mapping against MITRE ATT&CK and track SOC detection maturity.
- Mentor SOC team members on advanced detection, automation, hunting, and IR practices.
- Lead training sessions, threat simulations, and purple team engagements to improve team readiness.
- Collaborate with other teams to drive holistic threat coverage.
- Identify and champion process improvements, tool enhancements, and knowledge gaps across the team.
- Other responsibilities as assigned by management.
- 5+ years in Security Operations, Incident Response, or Detection Engineering
- 3+ years in a technical leadership or senior-level SOC role
- Hands-on experience with Microsoft Sentinel, Defender for Endpoint, Defender for Identity, Defender for Office 365, and Purview
- Strong threat hunting experience using KQL, Sentinel workbooks, and Defender telemetry
- Experience with SOAR, particularly Logic Apps and playbook development
- Proficiency in Python and PowerShell for automation and investigation tooling
- Knowledge of MITRE ATT&CK, threat intelligence workflows, and detection engineering best practices
- Strong analytical, forensic, and problem-solving skills in Windows and cloud environments
- Experience working with CI/CD pipelines (e.g., GitHub Actions, Azure DevOps) for security content deployment
- Bachelor’s degree in Cybersecurity, Computer Science, or related field
- Relevant certifications such as SC-200, SC-100, GCIH, GCFA, OSCP, AZ-500, MITRE CTI
- Experience in MSSP or multi-tenant SOC environments
- Familiarity with EDR/XDR integrations, threat intel platforms (e.g., MISP, Anomali), and sandboxing tools
At Ascend Technologies we firmly believe that diversity, equity, and inclusion are not only fundamental values but also powerful drivers of innovation, growth, and success. We are committed to fostering an environment where every individual feels valued, respected, and empowered.
CORE VALUES
We are seeking highly motivated individuals who have the willingness and ability to demonstrate Ascend's core values:
- Committed to Client Success: Our actions and our words always align with the best interest of the client.
- One Team: We work collaboratively to overcome challenges with humility and respect and do what it takes to find innovative solutions.
- Integrity: We are unquestionably committed to doing the right thing even when it is hard.
- Accountability: We hold ourselves and each other accountable for keeping our commitments to our clients, our communities, and one another.
- Transparency: We create open lines of communication with each other and our clients, fostering relationships founded on candor and trust.
PHYSICAL DEMANDS:
Must be able to sit, stand, and bend for the duration of the shift. The position is mainly sitting, with occasional lifting of up to 50 lbs (such as laptops or server equipment) and occasional driving to the work site to meet with client(s).
The salary for this position is commensurate with experience, skills, and qualifications. The range is intended to reflect our commitment to attracting top talent, and the final offer will be based on factors including, but not limited to, the candidate's previous experience, expertise in the field, relevant certifications, and the specific requirements of the role. In addition, internal equity, market trends, and geographic location may also influence the final salary.
Along with a competitive salary, we offer a comprehensive benefits package, including health, dental, and vision insurance, retirement savings options, flexible time off (FTO), and professional development opportunities. We are open to discussing compensation and benefits further during the interview process to ensure alignment with the candidate’s expectations and experience.