SOC Operations Deputy Lead

Northwave is a leading European cybersecurity specialist, protecting organizations against increasingly complex digital threats. With deep expertise in offensive and defensive security, behavior, and monitoring, we support our customers through managed security services and high-impact consultancy. Our Security Operations Center plays a central role in this mission, operating as a high-trust, high-precision environment where technology and expertise come together.

To further strengthen this foundation, we are expanding our Operations capability within the SOC team.

The SOC Operations Deputy Lead supports the Team Lead in managing the SOC analysts and ensuring smooth day-to-day operations. This role focuses on operational leadership, mentoring, and quality assurance, acting as a bridge between analysts and leadership, especially during the Team Lead’s absence.

• Assist in coordinating daily SOC-OPS activities and shift operations.
• Provide technical guidance and mentoring to analysts.
• Ownership of operational standards; collaborate with the Team Lead on reporting and metrics in creating dashboards and KPIs for SOC performance.
• Act as escalation point for operational issues and incidents.
• Work with the team to focus on optimizing alerting to reduce false positives.
• Lead incident response efforts when required and ensure proper documentation.
• Review escalated security incidents and guide Tier 1 and Tier 2 analysts.
• Support quality assurance and influence continuous improvement initiatives.
• Step in as acting Team Lead during absences or leave.
• HR Responsibilities: None. The Deputy Lead does not hold formal HR responsibilities but may provide input on performance and development during reviews.
• Assist in shift planning, workload distribution, and operational coverage when needed or in the absence of the team lead.
• Attend vendor meetings with the team lead to help support SOC Operations.
• Support tier‑two analysts with customer‑related queries and support on tickets.
• Support OPS by regularly taking queue work in investigation and triage to understand difficulties and bottlenecks of the team.
• Contribute to operational improvement processes and documentation of such.
• Work within the team on dedicated threat hunts and recommend improvements.

In addition to the core role, your work will also require technical expertise in an environment where SOC Operations quality and operational reliability are essential:

• Understand log sources (Windows, Linux, network, cloud, EDR logs) and what “normal vs. Abnormal” looks like.
• Understand detection rules, KQL queries, scheduled analytics, and correlation rules.
• Have strong hands‑on incident‑response experience, including triage, containment, eradication and recovery procedures.
• Network traffic analysis.
• Understand attacker TTPs: lateral movement, privilege escalation, command & control.
• Use of IR tooling (EDR, XDR, packet capture, forensic suites).
• Knowledge of common network protocols (DNS, HTTP/S, SMB, RDP) and how attackers pivot through networks.
• Understand how vulnerabilities are scored, exposure management and prioritization, and how attackers weaponize vulnerabilities.
• Skilled in scripting with Python, PowerShell, Bash, and creating SOAR playbooks (e.g., in Sentinel, Swimlane).
• Technical awareness of security frameworks (NIST 800‑61, ISO 27001, CIS Controls).

• At least 3 years of experience leading or coordinating teams in a SOC operations environment.
• A strong passion and knowledge of technical expertise within SOC Operations.
• A strong understanding of cybersecurity operations, incident response, and crisis management.
• Strong communication skills and the ability to translate complex technical topics into clear actions.
• Relevant bachelor’s or master’s degree.

Interested? If you are considering a next step where leadership, responsibility and technical development come together, we would love to talk. If you don’t meet every single requirement, we’d still be happy to receive your application.

Contact Youri Roelofs at youri.roelofs@northwave-cybersecurity.com