Job Specifications
Lead SOC modernization efforts, working with Information Security leadership to plan and execute improvements from quick wins to long-term enhancements
Standardize SOC processes (intake, triage, investigation, escalation, and closure) and improve case management through better templates, documentation, and audit readiness
Establish operational routines such as queue monitoring, regular reviews, metrics tracking, and incident response exercises
Implement AI-supported SOC capabilities, including alert prioritization, automated data enrichment, investigation support tools, and automated case summaries
Define governance for AI usage (approval controls, permissions, audit trails, and data handling standards)
Evaluate and test vendors or internal solutions, run pilots, and manage production deployments
Lead security tooling integrations across SIEM, EDR, SOAR, cloud monitoring, ticketing, and collaboration systems
Work with engineering teams to improve telemetry pipelines and define performance standards for reliability, access, and signal quality
Track and improve SOC performance metrics (triage time, case aging, escalation quality, automation coverage)
Identify operational gaps and implement improvements through playbooks, automation, training, and data enhancements
Train and mentor analysts on standard workflows and AI tools
Strengthen collaboration between SOC, engineering, IT, and platform teams
Provide operational updates and reporting to security leadership
Required Qualifications
5+ years in security operations, SOC engineering, or incident response
Strong knowledge of SOC processes, incident handling, and escalation workflows
Experience with SIEM/EDR platforms and security tool integrations (APIs/webhooks)
Proven ability to improve operations through processes, metrics, and training
Strong communication and stakeholder management skills
Preferred Qualifications
Experience deploying AI-driven SOC tools with governance controls
SOAR or security automation experience
Familiarity with WQL, SPL, or KQL and basic scripting (Python or Bash)
Knowledge of cloud platforms and identity management (AWS, Azure, GCP, SSO, MFA, IAM)
Success Indicators
Consistent SOC processes across teams and shifts
Reduced alert volume and faster, more informed investigations
Improved analyst productivity and documentation through AI tools
Better integrations and telemetry that reduce operational delays
Clear performance metrics demonstrating ongoing SOC improvement
About the Company
Established in 1999, New York Technology Partners is a global IT and Engineering consulting services company with 250+ employees on staff in the US and over $30 million in revenues. We provide the highest quality of integrated full-lifecycle IT & Engineering services and business solutions. NYTP has grown to become a leader in consulting services in multiple areas including IT, Engineering, Manufacturing, Construction, etc. NYTP has been recognized by the Inc. 5000 and Rochester Top 100 as an honoree for multiple consecutive...