SOC Manager
About Us
At Delta Protect we make Cybersecurity and Compliance accessible, automated, and actionable for companies across Latin America. We support our clients with certifications and regulatory frameworks such as ISO 27001, PCI DSS, SOC 2, and HIPAA, integrating Pentesting, Threat Detection, Cyber Intelligence, and 24/7 Security Operations with a technical, human, and business approach.
From micro-enterprises to unicorns, we believe Cybersecurity and Compliance are for everyone.
Our Impact
- +300 companies trust us
- +500 successful projects delivered
- +15K endpoints monitored in real time
- +1K critical vulnerabilities detected and remediated
- +1M exposed data records detected on the dark web
- +7 countries with protected clients
- +6 years transforming cybersecurity in LATAM
Why join Delta?
Cyberattacks have increased by over 400% since the pandemic, and businesses are the primary target. Our purpose is clear: protecting LATAM's business landscape from the next cyber pandemic... and we want you to be part of the team building this defense.
What do we offer you?
- High-performance team: you'll learn more in 3 months than in 1 year elsewhere
- $1,200 USD for your personal development
- Major and minor medical insurance
- Hardware included
- Uber transportation for in-person activities
- Flexible, results-oriented vacation
- Hybrid work
- A culture focused on excellence and results
How does the process work?
- Apply using our form
- If your profile is a good fit, you'll have an initial exploratory call
- We'll send you a technical or practical challenge
- You'll present your solution to the team lead during a video call
- You'll have a session with the Head of People to assess cultural fit
- Finally, you'll speak with Delta Protect's founders
About the Role
At Delta Protect, we are looking for our next SOC Manager with a triple mission: to build, automate, and defend.
You will lead the dSOC on Google SecOps (Chronicle SIEM + SOAR) and Google Threat Intelligence, designing it as an agentic SOC where Claude, Gemini, and n8n operate as human-supervised first-line analysts. You will also lead Incident Response and Digital Forensics (DFIR) as a differentiating capability for Delta Protect in LATAM.
You are an architect before an operator, and an operator before a manager: you get your hands dirty in critical incidents, design YARA-L rules, build agentic playbooks, and conduct forensic investigations, in strict alignment with NIST CSF, NIST SP 800-61r3, MITRE ATT&CK, and ISO 27001.
AI is not an assistant: it's a capability multiplier that the SOC Manager must design, instrument, and audit.
Your main challenges
- Build the dSOC from scratch: Design and implement the ingestion, parsing, enrichment, multi-tenant segmentation, and access control architecture on Google SecOps. Establish runbooks, operational ISMS, and technical acceptance criteria in a greenfield environment.
- Operate the SOC as an agentic system. Design and deploy autonomous agents for L1 triage, IOC enrichment, cross-tenant correlation, containment, and report generation. Instrument evaluation, guardrails, and auditing of agentic decisions. The goal: measurably reduce repetitive human workload and free up the team for deep investigation.
- Lead DFIR as a differentiating capability. Direct the end-to-end IR process under NIST SP 800-61r3, including war rooms, executive communication with clients, and legal coordination. Execute forensics when criticality demands it: memory, disk, network, cloud, and endpoint. Chain of custody, evidence preservation, and admissible reporting. Apply AI to accelerate analysis and drafting.
- Evolve detection with MITRE ATT&CK coverage. Design, deploy, and maintain YARA-L rules, SOAR playbooks, and detection-as-code with version control. Operate structured threat hunting with hypotheses, telemetry, and coverage metrics.
- Develop the Blue Team for agent supervision. Lead L1/L2 analysts and detection engineers. Design shifts, professional development, and technical career paths. Guide the team's transition from alert responders to architects and agent supervisors.
- Manage with data, not intuition. Define and govern MTTD, MTTR, SLA compliance, MITRE coverage, % of autonomously resolved alerts, and investigation quality. Build executive and operational dashboards that guide internal and client-facing decisions.
- Client relations and executive communication: Represent the dSOC to clients in kickoffs, QBRs, critical incident reviews, and posture presentations to CISOs, CIOs, and C-Level. Translate technical risk into business language with clarity and without oversimplification. Maintain calm and structured communication during critical incidents.
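The "guardrails and auditing of agentic decisions" and the "% of autonomously resolved alerts" metric above are the crux of running an agentic SOC safely. The following is an added illustration, written for this page and not Delta Protect's code nor any Google SecOps, n8n or Claude API feature: an agent proposes an action, a deterministic policy gate decides whether it executes, waits for a named human, or is denied (unknown actions default to deny, cross-tenant actions are always blocked), and every proposal and verdict lands in a hash-chained, append-only audit log from which the autonomy rate is computed. The action taxonomy, tenant names, hosts and proposals are constructed for the example.

```python
"""Policy gate plus tamper-evident audit log for agent-proposed SOC actions.

Added example, not Delta Protect code. The action tiers, tenants, hosts and
sample proposals are assumptions made for illustration only.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed action taxonomy (not from any product):
#   AUTO    - reversible / read-mostly; the agent may execute alone
#   APPROVE - impactful; executes only once a named human has approved
#   DENY    - never executed by an agent, whoever asks
POLICY = {
    "enrich_ioc": "AUTO",
    "add_case_comment": "AUTO",
    "close_alert_false_positive": "APPROVE",
    "isolate_host": "APPROVE",
    "disable_user": "APPROVE",
    "delete_evidence": "DENY",
    "modify_detection_rule": "DENY",
}


@dataclass
class Proposal:
    agent: str
    alert_tenant: str    # tenant whose alert the agent is working
    target_tenant: str   # tenant that owns the asset the action touches
    action: str
    target: str
    confidence: float    # agent's self-reported triage confidence, 0..1
    rationale: str
    approver: str | None = None   # set only by a human in the loop


@dataclass
class Decision:
    verdict: str   # "EXECUTE" | "HOLD_FOR_HUMAN" | "DENIED"
    reason: str


def evaluate(p: Proposal, min_confidence: float = 0.8) -> Decision:
    """Deterministic guardrail: the agent never decides its own authority."""
    tier = POLICY.get(p.action)
    if tier is None:
        return Decision("DENIED", f"unknown action {p.action!r}: default deny")
    if tier == "DENY":
        return Decision("DENIED", f"{p.action} is never agent-executable")
    # Multi-tenant segmentation: one client's alert must never drive an
    # action on another client's assets, regardless of tier or approval.
    if p.alert_tenant != p.target_tenant:
        return Decision("DENIED", "cross-tenant action blocked")
    if tier == "APPROVE":
        if p.approver:
            return Decision("EXECUTE", f"approved by {p.approver}")
        return Decision("HOLD_FOR_HUMAN", f"{p.action} requires human approval")
    if p.confidence < min_confidence:   # AUTO tier still needs confident triage
        return Decision("HOLD_FOR_HUMAN", f"confidence {p.confidence:.2f} below {min_confidence}")
    return Decision("EXECUTE", "auto-approved by policy")


class AuditLog:
    """Append-only record of every proposal and verdict, hash-chained so that
    editing or dropping an entry after the fact is detectable."""

    def __init__(self) -> None:
        self.entries: list[dict] = []
        self._prev = "0" * 64

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, p: Proposal, d: Decision) -> dict:
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent": p.agent, "tenant": p.alert_tenant, "action": p.action,
            "target": p.target, "confidence": p.confidence, "rationale": p.rationale,
            "verdict": d.verdict, "reason": d.reason, "prev": self._prev,
        }
        entry["hash"] = self._digest(entry)
        self._prev = entry["hash"]
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def summarize(log: AuditLog) -> dict:
    """Operational metric: share of proposals the agents resolved on their own."""
    counts = {"EXECUTE": 0, "HOLD_FOR_HUMAN": 0, "DENIED": 0}
    autonomous = 0
    for e in log.entries:
        counts[e["verdict"]] += 1
        if e["verdict"] == "EXECUTE" and e["reason"].startswith("auto-approved"):
            autonomous += 1
    total = len(log.entries)
    return {"total": total, **counts, "autonomous_rate": autonomous / total if total else 0.0}


def run_demo() -> tuple[AuditLog, dict]:
    """Constructed proposals (tenants acme/globex, host WS-0042, TEST-NET IP)."""
    proposals = [
        Proposal("triage-agent", "acme", "acme", "enrich_ioc", "203.0.113.5", 0.95, "IP in phishing alert"),
        Proposal("triage-agent", "acme", "acme", "enrich_ioc", "203.0.113.9", 0.40, "weak match"),
        Proposal("containment-agent", "acme", "acme", "isolate_host", "WS-0042", 0.97, "Cobalt Strike beacon"),
        Proposal("containment-agent", "acme", "acme", "isolate_host", "WS-0042", 0.97, "Cobalt Strike beacon", approver="analyst.l2"),
        Proposal("containment-agent", "acme", "globex", "isolate_host", "SRV-07", 0.99, "same IOC seen in other tenant"),
        Proposal("cleanup-agent", "acme", "acme", "delete_evidence", "case-1188", 0.99, "disk full"),
        Proposal("triage-agent", "acme", "acme", "reboot_host", "WS-0042", 0.99, "hallucinated tool"),
    ]
    log = AuditLog()
    for p in proposals:
        log.record(p, evaluate(p))
    return log, summarize(log)


if __name__ == "__main__":
    log, summary = run_demo()
    for e in log.entries:
        print(f"{e['verdict']:<15} {e['action']:<27} {e['reason']}")
    print(summary, "audit chain intact:", log.verify())
```

The point of the design is that the LLM only ever produces a Proposal; authority lives in the policy table and the human approver field, both outside the model's control, so prompt injection in an alert body can at worst generate a proposal that the gate holds or denies. The audit chain is what makes the "% autonomously resolved" figure defensible to a client: each number traces to signed-off entries rather than to the agent's own claims.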
What you need to succeed
- 6-10 years in cybersecurity operations, with demonstrable experience building or scaling a SOC from an early stage (in-house or MSSP).
- Practical mastery of Google SecOps (Chronicle SIEM + SOAR): parsing, data models, YARA-L, playbooks, connectors.
- Direct experience in end-to-end IR under NIST SP 800-61r3 and in DFIR with hands-on capability in at least three of: memory, disk, network, cloud, or malware analysis.
- Experience designing agentic workflows in security with at least one platform: Google SecOps SOAR, n8n, Claude API/Agent SDK, LangGraph, or similar.
- Operational mastery of MITRE ATT&CK, scripting in Python/PowerShell/Bash, and EDR/XDR operation (SentinelOne or equivalent).
- Experience in project management under SLA in MSSP environments and in executive communication with clients (QBRs, kickoffs, C-Level escalations).
- Mastery of Google Threat Intelligence (Mandiant Advantage + VirusTotal) for threat hunting and operational enrichment.
- Experience with log collectors (Bindplane, Fluentd) and multi-tenant SIEM architecture.
- Knowledge of PCI DSS, HIPAA, or regulatory frameworks applicable to LATAM clients.
- Prior experience with Splunk, Microsoft Sentinel, QRadar, or Elastic as additional context to the Google SecOps stack.
- Professional level English.
Key Skills
- Facilitative Leadership: Empowers the team, doesn't hinder it.
- Builder First, Operator Second: Designs before executing, but doesn't get stuck in the design phase.
- Agentic Mindset: Seeks to leverage AI and automation to multiply capacity.
- Hands-On in DFIR: Gets hands-on during incidents. Doesn't delegate tasks that require personal execution when criticality demands it.
- Strategic Thinking + Execution: Connects the Head of Blue Team's vision with daily operations and delivers measurable results.
- Data-Driven Mindset: Makes decisions based on data, not intuition. Implements instrumentation before forming opinions.
- Executive and Client Communication: Translates technical risk into business language. Maintains calm and clarity during critical incidents.
- Problem-Solver and Critical Thinker: Diagnoses quickly, distinguishes symptoms from root causes, and proposes structured solutions.
- Adaptability & Continuous Learning: The threat landscape and AI stack evolve; the individual evolves with them.
- Integrity and Confidentiality: Handles critical client information with impeccable ethics.
Certifications
Core: GCIH or GSOC · CISM or CISSP · Blue Team Level 2 (BTL2) or Certified SOC Analyst (CSA)
DFIR:
- GCFA (GIAC Certified Forensic Analyst).
- GCFE (GIAC Certified Forensic Examiner).
- GNFA (GIAC Network Forensic Analyst).
- GREM (GIAC Reverse Engineering Malware).
- GCTI (GIAC Cyber Threat Intelligence).
Stack: Google SecOps Professional Security Operations Engineer · SentinelOne Certified Admin or SentinelOne Incident Response Engineer (SIREN) · Google Cloud Security Engineer or AWS Security Specialty
Compliance and Management: Knowledge of ISO 27001 · ITIL 4 Foundation.
Valued complementary skills: CompTIA CySA+, CEH · PMP, PMI-ACP or Scrum Master.