SOC Lead – Security Operations & Incident Response

Company Description American Iron & Metal (AIM)

is a family-owned company and recognized global leader in the metal recycling industry with more than 125 sites and 4000 employees worldwide. We have continued to prosper for the last eight decades thanks to the dedication of our employees and the ongoing trust and support of our customers.

Become part of team AIM, a growing team with an entrepreneurial spirit who has over the years evolved into a successful and multifaceted company with business divisions that include metal recycling, decommissioning and demolition, auto-parts sales and recycling, manufacturing of solder assemblies, construction waste recycling, and production of customized industrial and mining products.

We take pride in doing good things for the environment to help create a greener, more sustainable future for all.

It’s simple; we do it right. We AIM for excellence.

Job Description We are seeking an experienced SOC Leader to lead our Security Operations Center and oversee all aspects of security monitoring, incident response, and SOC team management. The ideal candidate has 10+ years of pure SOC and incident response experience, including several years in a lead or managerial role, and brings strong hands-on technical skills combined with people leadership, coaching, and team development. You will be responsible for the day-to-day operations of the SOC, driving continuous improvement of detection and response capabilities, and developing a high-performing team of analysts.

Key Responsibilities :

SOC Leadership & Management

- Lead, manage, and mentor a team of SOC analysts (Tier 1–3) and incident responders

- Coordinate activities between internal and external teams and partners

- Own SOC staffing, scheduling, and on-call rotations to ensure 24/7 or defined coverage

- Set clear expectations, goals, and development plans for team members; conduct regular 1:1s and performance reviews

- Create a positive, accountable culture focused on learning, collaboration, and continuous improvement

Operations & Incident Response

- Oversee day-to-day SOC operations, including alert triage, investigation quality, and incident handling

- Act as the incident response lead or escalation point for high-severity incidents.

- Ensure timely, consistent execution of incident response processes (containment, eradication, recovery, lessons learned)

- Coordinate closely with IT, infrastructure, application, and business teams during security events

- Participate in on-call rotation as a point of escalation

Process, Governance & Continuous Improvement

- Maintain and evolve SOC runbooks, playbooks, and standard operating procedures

- Define and track SOC KPIs and metrics (MTTD, MTTR, incident volumes, false positives, etc.) and report to leadership

- Drive improvements in alert quality, automation, and workflow to reduce noise and increase efficiency

- Contribute to the overall incident response program, including tabletop exercises and post-incident reviews

Technology & Detection

- Oversee effective use of SIEM, EDR/XDR, SOAR, and other security tools in the SOC.

- Collaborate with detection engineers and security architects to develop and tune use cases, correlation rules, and analytics.

- Evaluate new tools and capabilities that can strengthen monitoring, threat hunting, and response.

Stakeholder Management & Communication

- Serve as the primary point of contact for security incidents to internal stakeholders and leadership

- Provide clear, concise incident updates and post-incident reports for technical and non-technical audiences

- Partner with risk, compliance, and audit teams to demonstrate SOC effectiveness and support assessments

Qualifications

- 8+ years of hands-on experience in a SOC and incident response role in medium or large environments - 2–4+ years in a lead or managerial capacity (Team Lead, Shift Lead, Supervisor, or Manager) within a SOC

- Strong technical background in SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, etc.), EDR/XDR solutions, endpoint security, and network security technologies (firewalls, IDS/IPS, proxies, etc.)

- Strong understanding of common attack techniques, threat actors, and frameworks (e.g., MITRE ATT&CK)

- Proven experience leading or coordinating major security incidents from initial detection through to closure

- Demonstrated people leadership skills: coaching, feedback, performance management, conflict resolution

- Experience creating and maintaining documentation, runbooks, and operational processes

- Strong communication skills (written and verbal), able to interact effectively with both technical teams and executives

- Ability to remain calm and make sound decisions under pressure

- Experience in regulated industries (e.g., financial services, healthcare, critical infrastructure)

- Relevant certifications such as GIAC (GCIH, GCIA, GCFA, GCED, etc.), CISSP, CISM, or similar

Additional Information

What we offer!

- A competitive wage, vacation, benefits and a RRSP matching program

- Annual AIM tuition scholarship program up to $8,500 per eligible dependents

- The tools and support needed to be successful in your career and professional development

- A dynamic & rewarding work environment that is also a lot of fun!