Why This Job is Featured on The SaaS Jobs
This Lead SOC Analyst focus on SIEM and SOAR stands out in SaaS because modern SaaS platforms operate across hybrid and cloud environments where telemetry volume, API driven integrations, and identity centric threats are constant. Freshworks builds enterprise grade CX and EX software used at scale, which typically demands mature security monitoring and automation to protect customer data and maintain service reliability.
For a long term SaaS security career, the remit offers durable experience in detection engineering and operational automation that translates across product led and enterprise SaaS companies. Work spanning log onboarding, correlation tuning, playbook design, and integrations with EDR, IAM, and cloud security tools maps closely to how contemporary SaaS security teams reduce mean time to detect and respond without expanding headcount linearly. Exposure to frameworks like MITRE ATT&CK also supports portability into threat hunting and security engineering tracks.
The role fits professionals who prefer building repeatable security operations capabilities rather than only handling individual incidents. It should suit someone comfortable coordinating across infrastructure, cloud, and security stakeholders, and who enjoys mentoring while still staying hands on with platforms such as Splunk, Sentinel, or QRadar and scripting via APIs.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
Company Description
Organizations everywhere struggle under the crushing costs and complexities of “solutions” that promise to simplify their lives. To create a better experience for their customers and employees. To help them grow. Software is a choice that can make or break a business. Create better or worse experiences. Propel or throttle growth. Business software has become a blocker instead of ways to get work done.
There’s another option. Freshworks. With a fresh vision for how the world works.
At Freshworks, we build uncomplicated service software that delivers exceptional customer and employee experiences. Our enterprise-grade solutions are powerful, yet easy to use, and quick to deliver results. Our people-first approach to AI eliminates friction, making employees more effective and organizations more productive. Over 72,000 companies, including Bridgestone, New Balance, Nucor, S&P Global, and Sony Music, trust Freshworks’ customer experience (CX) and employee experience (EX) software to fuel customer loyalty and service efficiency. And, over 4,500 Freshworks employees make this possible, all around the world.
Fresh vision. Real impact. Come build it with us.
Job Description
Job Summary
We are seeking a Lead SOC Engineer with strong expertise in SIEM administration, SOAR automation, and security monitoring across both enterprise and cloud environments. The role will focus on enhancing SOC capabilities, improving threat detection, automating response processes, and ensuring visibility across on-premises and cloud infrastructure.
Key Responsibilities
Administer, maintain, and optimize SIEM platforms (Splunk, Sentinel, QRadar, etc.).
Design and implement SOAR playbooks to automate security operations and incident response.
Onboard and manage log sources from enterprise infrastructure, applications, and cloud environments.
Develop and tune detection rules, correlation searches, dashboards, and alerts.
Support incident investigations, threat hunting, and response activities.
Integrate SIEM/SOAR with EDR, IAM, cloud security, email security, and threat intelligence platforms.
Collaborate with infrastructure, cloud, and security teams to improve monitoring coverage and security posture.
Mentor SOC analysts and drive continuous improvement initiatives.
Qualifications
6–10 years of cybersecurity experience with SOC Engineering/Security Operations focus.
Minimum 3+ years of hands-on SIEM administration experience.
Minimum 2+ years of SOAR implementation and automation experience.
Strong experience managing security monitoring for both:
Enterprise environments (Windows, Linux, Active Directory, Network Security, Endpoint Security)
Cloud environments (Azure, AWS, and/or GCP)
Experience in onboarding and correlating logs from cloud-native security services and enterprise security tools.
Strong understanding of incident response, threat hunting, and detection engineering.
Experience with Python, PowerShell, APIs, and automation scripting.
Good knowledge of MITRE ATT&CK framework and modern threat detection methodologies.
Preferred Certifications
Microsoft SC-200 / SC-100
Splunk Certified Admin/Architect
GCIH, GCED
AWS or Azure Security certifications
Additional Information
At Freshworks, we have fostered an environment that enables everyone to find their true potential, purpose, and passion, welcoming colleagues of all backgrounds, genders, sexual orientations, religions, and ethnicities. We are committed to providing equal opportunity and believe that diversity in the workplace creates a more vibrant, richer environment that boosts the goals of our employees, communities, and business. Fresh vision. Real impact. Come build it with us.
