SOC Principal - Threat Operations

  • Dublin
  • Permanent
  • Thu Dec 18 17:35:22 2025
  • 198772

SOC Principal – Threat Operations

Location: Ireland
Type: Full-Time
Salary: €105,000 – €135,000

A mature security operations function is adding a senior technical lead to sit at the centre of threat operations. This role exists to raise the bar on investigations, detection quality, and how complex threats are handled once they surface. It’s not a people-management-heavy position — it’s a hands-on authority role for someone trusted to make the hard calls when signals are unclear and stakes are high.

The environment blends managed services scale with deep technical ownership, requiring someone comfortable moving between investigation, hunting, and strategic improvement work.

The Role

You’ll act as the senior escalation point for complex and ambiguous threats, guiding investigations that don’t follow playbooks neatly. Alongside this, you’ll shape how the SOC detects, validates, and responds to advanced activity — working closely with detection engineering, threat intelligence, and incident response to close gaps and mature capability.

This is a role for someone who enjoys being inside the problem: validating alerts, challenging assumptions, refining logic, and quietly raising standards across the operation.

Key Responsibilities

  • Lead investigations into high-severity or unclear threat activity escalated from the SOC

  • Validate detections for technical accuracy, context, and real-world impact

  • Drive proactive threat hunting using behavioural indicators, intelligence, and anomaly patterns

  • Identify detection gaps and work with engineering teams to improve coverage and fidelity

  • Act as the technical escalation point for senior analysts during complex cases

  • Mentor analysts through investigations, not just outcomes

  • Contribute to playbooks, investigative standards, and detection lifecycle improvements

  • Support post-incident reviews and ensure lessons learned feed back into operations

  • Collaborate across threat intel, detection engineering, and IR teams to strengthen end-to-end response

  • Represent threat operations expertise in internal reviews and selected client discussions

Skills & Experience

  • 8+ years in SOC, threat operations, or incident response roles

  • Strong background in MSSP or multi-tenant security operations environments

  • Deep hands-on experience with SIEM, EDR, SOAR, and enrichment tooling

  • Strong capability analysing logs, artefacts, telemetry, IOCs, and attacker TTPs

  • Confident applying frameworks such as MITRE ATT&CK, kill chain models, and threat methodologies

  • Proven experience mentoring analysts and acting as a senior technical authority

  • Comfortable making decisions under pressure during live incidents

  • Clear communicator, able to explain complex threats without oversimplifying

Reperio Human Capital acts as an Employment Agency and an Employment Business.