Lead SOC Analyst at Deriv.com - ScoutJobs - The AI-curated global job board
Deriv.com
Posted 14 hours ago

Lead SOC Analyst

Deriv.com

Requirements

7+ years in cybersecurity operations, hands-on incident response experience, SIEM query language proficiency, experience with EDR and IDS/IPS, knowledge of AWS or GCP security, familiarity with MITRE ATT&CK

Skills

SIEM, Python, AWS, Splunk, incident response, SOAR

About the role

Responsibilities

  • Take ownership of complex incident investigations, including credential abuse, targeted malware, and data exfiltration attempts.
  • Act as the primary escalation point for junior analysts during active incidents, guiding containment and resolution.
  • Proactively hunt for threats using MITRE ATT&CK, threat intelligence, and behavioral anomaly detection.
  • Write, tune, and maintain detection rules to reduce false positives and improve coverage.
  • Develop and refine incident response playbooks to ensure consistent team performance.
  • Champion the use of AI tools for alert enrichment, triage automation, and incident documentation.
  • Deliver actionable incident reports for both technical engineers and business stakeholders.
  • Track and analyze key metrics such as MTTD, MTTR, and false positive rates to drive continuous improvement.

Requirements

  • 7+ years of experience in cybersecurity operations with hands-on incident response expertise.
  • Proficiency in SIEM query languages (e.g., Splunk, Elastic) for advanced threat hunting and detection.
  • Hands-on experience with EDR platforms, IDS/IPS, and network forensics tools.
  • Strong knowledge of cloud security tooling within AWS or GCP environments.
  • Deep familiarity with security frameworks including MITRE ATT&CK, D3FEND, and NIST SP 800-61.
  • Proven experience mentoring or guiding junior analysts in a live security context.
  • Experience with automation tools such as SOAR platforms or Python for enrichment scripting.

Preferred Qualifications

  • Relevant hands-on certifications such as GCIH, GCIA, GCFA, or OSCP.
  • Experience implementing or managing AI-assisted triage and automation platforms.

About the Company

Deriv.com is a global trading platform with a mission of "Trading for Anyone, Anywhere, Anytime." We support millions of active traders across dozens of regulatory environments. At Deriv, security is treated as core infrastructure, and we leverage cutting-edge AI and automation to stay ahead of evolving global threats.


Deriv.com · Cyberjaya
