SOC Analyst Team Lead

Manila, Manila, Philippines

Cato Networks

Cato SASE Cloud converges SD-WAN, security, global backbone, and remote access into a global cloud-native service. WE ARE SASE™


Welcome to the future of cloud networking and security!  

Cato Networks is the first company to converge enterprise networking and security into one centralized, global service delivered from the cloud. It is led by networking and security pioneer Shlomo Kramer (Check Point, Imperva) and early investor (Palo Alto Networks, Exabeam, Trusteer and more). Cato’s unique technology inspired a brand-new product category, later named “SASE” by Gartner, and a market expected to reach $25 billion by 2027.

This is your opportunity to get on the rocket ship and join a company that is building a cutting-edge enterprise network and secure cloud platform, and is on a fast track to becoming the worldwide market leader – don’t miss it!

 

As a SOC Analyst Team Leader, you will be responsible for supervising a team of Security Analysts working in 24x7 rotational shifts. You will guide the team in monitoring, detecting, investigating, and responding to cybersecurity incidents across our global environment, and serve as subject matter expert on escalated incidents and investigations. This is a leadership role that blends technical expertise with people management to ensure high-quality security operations and continuous service improvement.

Responsibilities

Operational Leadership

  • Manage and coordinate the activities of SOC analysts across multiple shifts to ensure continuous 24x7 monitoring and timely incident response.
  • Act as an escalation point for high-priority or complex security incidents, providing guidance and hands-on support as needed.
  • Ensure adherence to defined operational procedures, incident response playbooks, and service level agreements (SLAs).

People Management

  • Lead, coach, and mentor SOC Analysts to build a high-performing team and foster a culture of accountability and learning.
  • Conduct regular performance reviews, provide feedback, and support career development and training initiatives.
  • Coordinate shift schedules, leave planning, and resource allocation to ensure full coverage and avoid burnout.

Incident Response and Reporting

  • Oversee the end-to-end incident handling process, from detection through containment, eradication, recovery, and post-incident analysis.
  • Review and approve incident documentation, ensuring accurate records and adherence to compliance and audit requirements.
  • Collaborate with global security and IT teams to ensure efficient cross-functional response and resolution.

Process Improvement and Quality Assurance

  • Drive continuous improvements in monitoring capabilities, detection logic, and response processes.
  • Identify gaps or inefficiencies in workflows and propose or implement enhancements.
  • Contribute to the refinement of operational metrics and KPIs to monitor team performance and SOC effectiveness.

Requirements

  • 4+ years of experience working in a SOC or cybersecurity operations role
  • At least 1–2 years of leadership experience, either as a team lead, senior analyst, or shift supervisor.
  • Experience working with a SIEM platform (Advantage: Elastic).
  • Experience working with security tools and platforms (Advantage: Microsoft Defender platform).
  • Advantage: Experience with scripting or automation (e.g., Python, PowerShell, Bash).
  • Related training or education relevant to security analysis or engineering domain
  • Strong understanding of cybersecurity fundamentals, including threat vectors, malware, network protocols, and security controls.
  • Knowledge of incident response frameworks (e.g., NIST, SANS).
  • Advantage: Industry certifications such as CompTIA Security+, EC-Council CSA/CHFI, GCIA, GCIH, etc.
  • Willingness to substitute for absent analysts in rotating shifts on special occasions
  • Excellent analytical, problem-solving, communication skills and
  • Ability to mentor and review others’ work for continuous work
  • Ability to work effectively on time-sensitive tasks
  • Great people skills and a customer service orientation
  • Proficiency in written and verbal English is a must


Perks/benefits: Career development Team events

Region: Asia/Pacific
Country: Philippines
