Logo for Arista Networks

Security Operations Center (SOC) Lead (Tier III)

Role overview

Qualifications

  • 6-8+ years in a SOC environment with significant experience in advanced incident response and leadership roles
  • Proven experience in mentoring technical staff and leading small to mid-sized security teams
  • Hands-on experience with CrowdStrike (or other EDR), triaging security incidents
  • Proven ability to write CQL (or similar) queries and build detections for threat monitoring

Responsibilities

  • Lead and mentor a team of junior and mid-level SOC analysts, fostering professional growth and technical proficiency
  • Drive resolution for high-priority and critical security incidents, acting as the primary technical point of escalation
  • Oversee and strategize proactive threat-hunting operations and detection engineering workflows
  • Monitor and triage security alerts

About the company

Arista Networks logo

Arista Networks

Computer Networking & Equipment

Company details

IndustryComputer Networking & Equipment

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Company Description

Arista Networks is an industry leader in data-driven, client-to-cloud networking for large data center, campus and routing environments. Arista is a well-established and profitable company with over $9 billion in revenue. Arista’s award-winning platforms, ranging in Ethernet speeds up to 800G bits per second, redefine scalability, agility, and resilience.  Arista is a founding member of the Ultra Ethernet consortium. We have shipped over 20 million cloud networking ports worldwide with CloudVision and EOS, an advanced network operating system. Arista is committed to open standards, and its products are available worldwide directly and through partners.

At Arista, we value the diversity of thought and perspectives each employee brings. We believe fostering an inclusive environment where individuals from various backgrounds and experiences feel welcome is essential for driving creativity and innovation.

Our commitment to excellence has earned us several prestigious awards, such as the Great Place to Work Survey for Best Engineering Team and Best Company for Diversity, Compensation, and Work-Life Balance. At Arista, we take pride in our track record of success and strive to maintain the highest quality and performance standards in everything we do.

Job Description

Who You’ll Work With

As the Tier III SOC Lead, you will report directly to the Sr. Security Manager of Security Operations while managing and mentoring a remote team of junior and mid-level SOC analysts. On a daily basis, you will collaborate closely with the Incident Response (IR) team to hand off escalated critical threats, partner with cross-functional IT and infrastructure teams to deploy remediation strategies, and coordinate with detection engineering peers to architect sophisticated queries using tools like CrowdStrike.

What You’ll Do

 

We are seeking a highly experienced and strategic Security Operations Center (SOC) Lead to spearhead our dynamic, remote cybersecurity team. The ideal candidate is a subject matter expert and technical leader with a protagonist track record of resolving complex security incidents and providing high-level technical guidance.

In this Tier III role, you will provide leadership and mentorship to the SOC team, ensuring the effective resolution of the most critical threats across Mac, Linux, and Windows environments. We are looking for a professional who drives technical excellence, mentors junior staff, and leverages deep expertise in CrowdStrike Query Language (CQL) to architect sophisticated detection strategies that protect our organization’s global assets.

Key Responsibilities:

  • Lead and mentor a team of junior and mid-level SOC analysts, fostering professional growth and technical proficiency.
  • Drive resolution for high-priority and critical security incidents, acting as the primary technical point of escalation.
  • Oversee and strategize proactive threat-hunting operations and detection engineering workflows.
  • Monitor and triage security alerts.
  • Build, test, and refine detections to enhance threat identification across Mac, Linux, and Windows systems.
  • Conduct in-depth analysis of security incidents, including malware, phishing, and advanced persistent threats, leveraging SIEM and EDR capabilities.
  • Perform proactive threat hunting using the SIEM and EDR features.
  • Investigate and respond to incidents swiftly, following established incident response protocols.
  • Document findings clearly and provide actionable remediation recommendations.
  • Collaborate with cross-functional teams to strengthen security controls and mitigate vulnerabilities.
  • Stay current on emerging threats, vulnerabilities, and industry trends through self-directed learning.
  • Participate in on-call rotation for 24x7x365 SOC coverage, demonstrating reliability and accountability.
  • Escalate confirmed or suspicious incidents and cases to the Incident Response team.

Qualifications

Experience:

  • 6-8+ years in a SOC environment with significant experience in advanced incident response and leadership roles.
  • Proven experience in mentoring technical staff and leading small to mid-sized security teams.
  • Hands-on experience with CrowdStrike (or other EDR), triaging security incidents.
  • Proven ability to write CQL (or similar) queries and build detections for threat monitoring.
  • Experience triaging alerts in a high-volume environment.
  • Experience with threat intelligence feeds, platform and OSINT tools (VirusTotal, etc.)
  • Familiarity with forensic analysis and evidence handling.

Skills and Attributes:

  • Exceptional critical thinking and analytical skills to address complex security challenges.
  • Self-starter with a proven ability to take initiative and deliver results independently.
  • Driven mindset, thriving in fast-paced, high-pressure remote work environments.
  • Strong understanding of cybersecurity principles, threat landscapes, and attack vectors.
  • Proficiency in analyzing logs, network traffic, and endpoint data using CrowdStrike Next-Gen SIEM, particularly for Mac and Linux systems (Windows experience a plus).
  • Solid knowledge of incident response processes and methodologies.
  • Familiarity with operating systems, with primary expertise in Mac and Linux, and secondary knowledge of Windows.
  • High attention to detail and ability to make sound decisions under pressure.
  • Demonstrated commitment to continuous learning and professional development in cybersecurity.

Nice-to-Have:

  • Experience leading large-scale security projects and contributing to the strategic development of security roadmaps.
  • Proficiency in scripting (e.g., Python) for automating SOC workflows.
  • Experience creating playbooks in Crowdstrike Fusion SOAR (or similar SOAR)
  • Knowledge of cloud security (GCP, AWS, and or Azure).
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).

Additional Information

Arista stands out as an engineering-centric company. Our leadership, including founders and engineering managers, are all engineers who understand sound software engineering principles and the importance of doing things right.

We hire globally into our diverse team. At Arista, engineers have complete ownership of their projects. Our management structure is flat and streamlined, and software engineering is led by those who understand it best. We prioritize the development and utilization of test automation tools.

Our engineers have access to every part of the company, providing opportunities to work across various domains. Arista is headquartered in Santa Clara, California, with development offices in Australia, Canada, India, Ireland, and the US. We consider all our R&D centers equal in stature.

Join us to shape the future of networking and be part of a culture that values invention, quality, respect, and fun.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Operations Center (SOC) Analyst Related jobs

Other jobs at Arista Networks

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.