SOC Principal - Threat Operations
198772
Desired skills:
SOC-principal, Threat-operations, Incident-response, Threat-hunting, Detection-engineering, SIEM-EDR
Location: Ireland
Type: Full-Time
Salary: €105,000 - €135,000
A mature security operations function is adding a senior technical lead to sit at the centre of threat operations. This role exists to raise the bar on investigations, detection quality, and how complex threats are handled once they surface. It's not a people-management-heavy position - it's a hands-on authority role for someone trusted to make the hard calls when signals are unclear and stakes are high.
The environment blends managed services scale with deep technical ownership, requiring someone comfortable moving between investigation, hunting, and strategic improvement work.
The Role
You'll act as the senior escalation point for complex and ambiguous threats, guiding investigations that don't follow playbooks neatly. Alongside this, you'll shape how the SOC detects, validates, and responds to advanced activity - working closely with detection engineering, threat intelligence, and incident response to close gaps and mature capability.
This is a role for someone who enjoys being inside the problem: validating alerts, challenging assumptions, refining logic, and quietly raising standards across the operation.
Key Responsibilities
1. Lead investigations into high-severity or unclear threat activity escalated from the SOC
2. Validate detections for technical accuracy, context, and real-world impact
3. Drive proactive threat hunting using behavioural indicators, intelligence, and anomaly patterns
4. Identify detection gaps and work with engineering teams to improve coverage and fidelity
5. Act as the technical escalation point for senior analysts during complex cases
6. Mentor analysts through investigations, not just outcomes
7. Contribute to playbooks, investigative standards, and detection lifecycle improvements
8. Support post-incident reviews and ensure lessons learned feed back into operations
9. Collaborate across threat intel, detection engineering, and IR teams to strengthen end-to-end response
10. Represent threat operations expertise in internal reviews and selected client discussions
Skills & Experience
1. 8+ years in SOC, threat operations, or incident response roles
2. Strong background in MSSP or multi-tenant security operations environments
3. Deep hands-on experience with SIEM, EDR, SOAR, and enrichment tooling
4. Strong capability analysing logs, artefacts, telemetry, IOCs, and attacker TTPs
5. Confident applying frameworks such as MITRE ATT&CK, kill chain models, and threat methodologies
6. Proven experience mentoring analysts and acting as a senior technical authority
7. Comfortable making decisions under pressure during live incidents
8. Clear communicator, able to explain complex threats without oversimplifying
Reperio Human Capital acts as an Employment Agency and an Employment Business.