About the role

The Cyber Security Lead Architect – SOC & Incident Response is the senior technical authority responsible for architecting, governing, and continuously improving security detection, response, and incident handling capabilities within a Managed Security Services Provider (MSSP) environment. This role bridges security architecture and frontline SOC execution, ensuring tools, detections, workflows, and response processes are designed for scale, speed, and consistency across multiple clients. The Lead Architect serves as the highest escalation point for complex incidents and ensures SOC operations remain defensible, repeatable, and mature.

What you'll do

SOC Architecture & Operational Leadership

·       Define SOC architecture standards across SIEM, SOAR, EDR, XDR, and vulnerability platforms

·       Architect SOC workflows supporting 24x7 monitoring, triage, and escalation

·       Partner with SOC leadership to reduce alert noise and increase analyst effectiveness

·       Ensure SOC tooling scales across diverse client environments

Incident Response Architecture & Escalation

·       Act as senior escalation point for high-severity incidents

·       Design and maintain incident response playbooks and runbooks

·       Provide architectural guidance during active incidents

·       Ensure incident handling aligns with SLAs and regulatory obligations

Detection Engineering & Threat Enablement

·       Architect and govern SIEM and EDR detection strategies

·       Oversee detection lifecycle management

·       Ensure detection logic reflects real-world attacker behavior

Leadership & Collaboration

·       Act as regional team lead / manager for SOC team members

·       Mentor SOC leads, senior analysts, and engineers

·       Serve as trusted advisor to leadership and clients

·       Collaborate with Cyber Platform Engineering, vCISO, and Compliance teams

Qualifications

Required:

• 8+ years practical experience in cybersecurity with SOC or MSSP focus, including threat detection, incident response, and vulnerability management.
• Proficiency with SIEM tools (Stellarcyber, LevelBlue, Splunk, QRadar, etc.) and vulnerability scanners (Tenable, Qualys etc.).
• Strong understanding of network protocols, operating systems (Windows/Linux), firewalls, IDS/IPS, VPN’s, cloud security platforms (AWS, Azure) and endpoint security solutions.

• Familiarity with security frameworks like MITRE, NIST, ISO 27001, or CIS benchmarks.
• Experience with incident response processes and malware analysis.
• Excellent analytical skills, attention to detail, and ability to work under pressure.
• Strong communication skills to effectively collaborate with technical and non-technical teams
• Having experience in a client-facing role is beneficial for offering insights into the client's security posture

Preferred:

• Bachelor’s degree in Cybersecurity, Computer Science, or a related field.
• Relevant certifications are a plus, such as CISSP-ISSEP, CISSP-ISSAP, CEH (Certified Ethical Hacker), CompTIA CySA+, CompTIA CASP+ or equivalent.

About Netrio

At Netrio, our people are at the heart of everything we do. Guided by our core values—Empathy, Partnership, Integrity, Accountability, and Innovation—we foster a culture where collaboration and trust drive real impact. We believe in listening first, delivering on our promises, and pushing the boundaries of what’s possible with technology. If you’re passionate about making a difference and want to be part of a team that grows together and leads with purpose, we invite you to explore our open opportunities and join us on our mission.