
Lead SOC Analyst

UFP Industries, Inc
United States, Michigan, Grand Rapids
Jul 02, 2026

Job Summary

The Lead SOC Analyst is responsible for leading the daily operations of the Security Operations Center (SOC) while actively participating in threat detection, investigation, and response activities. This role operates in a player/coach capacity, balancing hands-on incident response with team leadership, process development, and SOC maturity initiatives.

The Lead SOC Analyst serves as the primary point of coordination between the internal SOC and external managed detection and response (MDR) provider, ensuring effective monitoring, escalation, and response to security events. This role is also responsible for developing and maintaining SOC processes, playbooks, and documentation to improve the organization's overall security posture.

This role reports to the Manager of Cyber Defense.

Location: This role must work on-site, full-time, out of our Grand Rapids, MI office.

Principal Duties and Responsibilities

SOC Operations and Incident Response

  • Act as the senior escalation point for security incidents, providing hands-on investigation and response.
  • Perform advanced threat hunting, incident analysis, and root cause determination.
  • Lead and coordinate incident response activities across IT, infrastructure, and application teams.
  • Validate and enrich alerts generated by internal tools and the external MDR provider.
  • Ensure timely containment, remediation, and closure of security incidents.

MDR Vendor Management

  • Serve as the primary operational liaison with our MDR provider.
  • Manage day-to-day interactions including alert triage alignment, escalation handling, and service quality.
  • Review MDR detections, investigations, and recommendations for accuracy and relevance.
  • Identify and drive improvements in detection coverage, alert fidelity, and response processes.
  • Participate in regular service reviews and ensure deliverables meet organizational expectations.

SOC Leadership and Team Development

  • Provide technical leadership and guidance to SOC analysts.
  • Lead daily SOC operations including prioritization of alerts, workload management, and escalation decisions.
  • Mentor and develop analysts through coaching, training, and knowledge sharing.
  • Establish expectations for investigation quality, documentation, and response timelines.
  • Support hiring, onboarding, and skill development of SOC team members.

SOC Maturity and Process Development

  • Develop, document, and maintain SOC standard operating procedures (SOPs), playbooks, and runbooks.
  • Identify gaps in SOC processes and implement improvements to increase consistency and effectiveness.
  • Define and track SOC metrics and KPIs (e.g., MTTR, alert volume, false positives, escalation rates).
  • Standardize incident documentation and evidence collection to support audit and compliance requirements.
  • Drive continuous improvement initiatives aligned to industry best practices and organizational goals.

Detection Engineering and Monitoring

  • Collaborate with engineering and security teams to improve detection logic and use cases.
  • Develop and tune detection rules within SIEM, XDR, and MDR platforms.
  • Identify gaps in logging and telemetry and work with teams to onboard required data sources.
  • Ensure monitoring coverage for systems handling sensitive or critical data.
  • Contribute to threat modeling and detection strategy development.

Communication and Stakeholder Engagement

  • Communicate security incidents, risks, and trends to technical and non-technical stakeholders.
  • Provide clear and concise reporting on incident outcomes and lessons learned.
  • Partner with infrastructure, application, and business teams to improve security practices.
  • Support audit, compliance, and risk management activities as needed.

Qualifications

  • Bachelor's degree in computer science, information security, or equivalent experience.
  • 7+ years of experience in a SOC, incident response, or cybersecurity operations role.
  • Proven experience leading incident investigations and managing escalations.
  • Experience working with a managed detection and response (MDR) provider (preferred).
  • Strong understanding of security operations tools (SIEM, XDR, EDR, SOAR platforms).
  • Experience with detection tuning, threat hunting, and log analysis.
  • Demonstrated ability to develop SOC processes, playbooks, and operational documentation.
  • Strong leadership, mentoring, and team development skills.
  • Excellent analytical, problem-solving, and decision-making capabilities.
  • Strong written and verbal communication skills.

Preferred Qualifications

  • Experience with Splunk, Microsoft Sentinel, Defender XDR, and/or similar platforms.
  • Experience working in a hybrid SOC model (internal + MDR).
  • Familiarity with compliance frameworks (e.g., NIST, CMMC).
  • Relevant certifications such as CISSP, GCIA, GCIH, or equivalent.

The Company is an Equal Opportunity Employer.