Senior Cyber Security Operations Center Specialist

The Role

We are seeking an experienced Senior Cyber Security Operations Center Specialist to join our growing Security Operations Center (SOC) and help strengthen SoFi's cybersecurity posture. This position will report to the Director of the Security Operations Center and will collaborate closely with Product Security, Tools, Automation and Operations, and Engineering teams.

The Security Operations Center (SOC) team is responsible for detecting, analyzing, and responding to threats against SoFi's infrastructure and assets. As a Senior Cyber Security Operations Center Specialist, you will lead incident handing efforts, perform advanced threat hunting, and conduct offensive security operations to proactively identify vulnerabilities and strengthen our defensive capabilities by simulating real-world attack scenarios.

In this role, you will be at the forefront of SoFi's security operations, protecting our organization by investigating, containing, remediating, and documenting security incidents while continuously improving our detection and response capabilities through both defensive measures and offensive security testing.

What you’ll do:

• Lead security incident investigations, including triage, containment, eradication, and recovery phases
• Conduct proactive threat hunting to identify potential security gaps and adversary activities
• Perform blue team defensive operations while leveraging red team offensive security knowledge to anticipate attack vectors
• Plan and execute red team operations to test security controls and identify vulnerabilities
• Develop and enhance detection rules and correlation logic to identify sophisticated threats
• Execute Digital Forensics and Incident Response (DFIR) activities during security incidents
• Create and maintain incident response playbooks and procedures
• Participate in on-call rotation for critical security incidents
• Mentor junior analysts and contribute to the team's professional development
• Collaborate with cross-functional teams to improve security posture and response capabilities

What you’ll need:

• 5+ years of experience in cybersecurity with focus on SOC operations and incident response
• Experience with cloud security monitoring and incident response in AWS, Azure, or GCP environments
• Strong background in threat hunting methodologies and techniques
• Expertise in DFIR processes, tools, and techniques (e.g., Digital Forensics, eDiscovery, Internal Investigations)
• Experience leading incident response activities and coordinating cross-functional response teams
• Proficiency with SIEM platforms, EDR solutions, and security orchestration tools
• Strong background in data collection and log analysis techniques
• Knowledge of common attack frameworks (MITRE ATT&CK) and threat intelligence sources
• Strong communication skills and ability to explain technical concepts to various audiences
• Excellent analytical and problem-solving skills with attention to detail

Nice to have:

• Demonstrated experience in both blue team (defensive) and red team (offensive) security operations
• Experience planning and executing offensive security operations and adversary emulation
• Participation in security competitions, CTFs, or bug bounty programs
• Familiarity with containerization technologies (Docker, Kubernetes) and their security implications
• Relevant certifications (e.g., SANS GIAC, CISSP, OSCP)