Security Operations Center (SOC) Lead

Salt Lake City, Utah, United States

Legato Security

As a trusted security firm, Legato Security provides businesses with a custom suite of cybersecurity solutions. Our team works with each business individually to create an MDR solution that truly works. Our security solutions are developed...


Who We Are 

Legato Security is an information security firm founded upon the belief that every organization has the right to keep its data private and secure. Our mission is to build close partnerships with our clients, serving them not as just a vendor, but as trusted advisors helping to build effective, proactive plans. Our focus is always on both the technical and human elements within an organization. We believe in comprehensive strategies designed to harden networks, deflect attackers, and rapidly recover from any accidents. As technology progresses, so do our tactics, ensuring our experts are always prepared to serve forward-looking leaders eager to stay ahead of emerging threats. 

Position Overview 

Legato Security seeks a Security Operations Center (SOC) Lead for a senior-level position in Salt Lake City, UT. This role combines hands-on security operations with team leadership, offering growth opportunities for security professionals looking to advance their expertise. 

Working directly under the SOC Manager, you'll lead threat hunting, event analysis, incident response, and investigations while mentoring SOC Analysts I and II. The position includes security tool administration and implementation of security best practices. 

The role follows a hybrid 4x10 schedule (two days in-office, two days remote) and offers advancement opportunities for self-motivated professionals with strong analytical and critical thinking abilities. Previous security analyst experience is required. 

Specific Job Responsibilities 

  • Lead a team of SOC analysts to deliver high-quality security services to our clients, ensuring security incidents are detected, analyzed, and resolved in a timely manner 
  • Assist with the configuration and maintenance of SIEM and EDR technologies, including creating dashboards and reports, writing and optimizing search queries, and developing playbooks 
  • Investigate security incidents and provide detailed incident reports to management, including root cause analysis, impact analysis, and recommended remediation steps 
  • Collaborate with clients to understand their security requirements and develop customized security solutions to meet their needs 
  • Mentor and coach L1 and L2 team members to improve their technical skills and grow their career paths 
  • Perform research and remain aware of new and emerging threats to ensure newly discovered vulnerabilities are addressed 
  • Act as an Incident Response team member when the incident response team is active. Incident response tasks may include identification, log and event collection and analysis, forensic investigation support, communication support, and evidence handling 
  • Assist in documenting Standard Operating Procedures, SOC playbooks, configuration guides, and secure standards 
  • Collaborate with Customer Success team to gather data for client reports 
  • Assist with the management of the shift schedule, PTO and Sick time 
  • Act as an on-call resource for analysts and client escalations 
  • Manage and maintain analysts' access to internal and client environments 
  • Assist with the onboarding and offboarding of SOC analysts 
  • Assist with the onboarding and offboarding of clients 

 Qualifications 

  • At least three years of experience in SOC operations, specifically in an MSSP environment 
  • Deep understanding of SIEM and EDR technologies, including Sumo Logic, Splunk, Azure Sentinel, QRadar, Google SecOps, CrowdStrike, SentinelOne, Cortex and Carbon Black 
  • Strong analytical and problem-solving skills, with the ability to investigate complex security incidents 
  • Excellent written and verbal communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders 
  • Experience working with clients to understand their security requirements and develop customized security solutions to meet their needs 
  • Ability to work independently and collaboratively with cross-functional teams in a fast-paced environment 
  • Relevant security certifications such as CISSP, GIAC, or CISM are a plus 

Perks 

  • Start-up company in a growth phase with opportunity for advancement based on performance 
  • Hybrid work from home policy 
  • Commuter Benefit 
  • Innovative culture with an office in downtown Salt Lake City, UT 
  • Competitive medical and dental benefits for employee and family members 
  • Other company-provided benefits such as short-term disability, basic life insurance, children’s orthodontia, with additional voluntary benefits available, and 401K match 
  • Flexible Paid Time Off policy 
  • Professional Development opportunities specific to role 

Embark on a journey where your skills are valued, your growth is fostered, and your voice is heard. At Legato Security, we understand that diversity is the key to innovation. Our hiring process is designed to provide a transparent, consistent, and uniform experience for all applicants, mitigating unconscious bias every step of the way. We foster a culture of belonging, where each team member is an integral part of the Legato family.  

Legato Security is an equal-opportunity employer. 


Tags: Azure Carbon Black CISM CISSP CrowdStrike EDR GIAC Incident response SecOps Sentinel SIEM SOC Splunk Vulnerabilities

Perks/benefits: 401(k) matching Career development Flex hours Flex vacation Health care Insurance Startup environment

Region: North America
Country: United States
