Lead, Security Operations Center

Cloud & Application Security Team

Poshmark is the leading fashion marketplace where style comes alive through discovery, self-expression, and human connection. Powered by a vibrant community of 165 million members, Poshmark brings real people and taste to shopping through a social experience shaped by shared discovery. Buying and selling fashion feels simple, joyful, and personal, while every item tells its own story. Poshmark empowers sellers to grow meaningful businesses, keeps fashion in circulation longer, and gives shoppers access to unique and trusted finds, from everyday pieces to one-of-a-kind vintage and luxury.

As the Security Operations Center (SOC) Lead at Poshmark, you will lead the critical mission of protecting our platform and 150 million Poshers from cyber threats. You will ensure operational excellence by overseeing the full incident response lifecycle—from threat detection to recovery—to significantly reduce risk. Your strategic leadership will enhance Poshmark's security posture, ensuring resilience, maintaining customer trust, and helping business grow. This role serves as the crucial link between strategy, policy and daytoday operations, translating complex issues into clear actionable insights.

Responsibilities

• Develop, review, and maintain high-quality SOC playbooks and runbooks to streamline investigations and standardize response procedures.
• Drive improvements in detection, alerting, and incident response capabilities through automation, orchestration, and process refinement.
• Oversee the SOC’s daily operations, ensuring continuous monitoring and analysis of security event logs and alerts to promptly identify and escalate security incidents.
• Lead and coordinate end-to-end security incident management, including investigation, containment, eradication, recovery, and post-incident review.
• Direct root-cause analysis of sophisticated security incidents and targeted attacks across systems, networks, cloud environments, and application layers.
• Oversee tuning of security alerts to reduce false positives and increase operational efficiency; implement automated responses where appropriate.
• Partner closely with SRE, Cloud Security, IT Operations, Threat Intelligence, and other security teams to ensure timely remediation of identified issues.
• Manage SIEM strategy and operations, including onboarding new log sources, optimizing alert logic, and enhancing detection capabilities.
• Lead deployment and management of security monitoring solutions across all organizational environments.
• Guide and supervise threat-hunting initiatives to proactively identify malicious activity, suspicious behaviors, and emerging threats.
• Leverage threat intelligence, indicators of compromise (IOCs), and contextual data to enrich investigations and improve detection fidelity.
• Manage SOC-related projects, roadmap planning, team development, and operational execution.
• Champion the design and deployment of automated incident response workflows using SOAR and cloud-native automation tools to reduce analyst workload and accelerate containment.
• Implement automation playbooks that trigger predefined actions—such as isolating hosts, disabling compromised accounts, enriching alerts, or blocking malicious indicators—to improve response speed and consistency across the SOC.
• Evaluate emerging technologies, including AI-driven SOC analyst tools, and lead their implementation within the security operations environment.

Minimum Qualifications

• Minimum of 8 years of experience in a Security Operations role, with progressive leadership responsibilities.
• Experience with security technologies including SIEMs, firewalls, IDS/IPS, EDR, and vulnerability management tools.
• Hands-on experience leading or supporting security incident response and remediation activities.
• Experience with cloud security concepts, tools, and monitoring technologies (e.g., AWS, GCP, Azure).
• Strong understanding of SOC operations, logging pipelines, and security monitoring frameworks.
• Work with a global team of soc analysts to support the 24x7 model.

Preferred Qualifications

• Experience in Incident Response, Threat Hunting, Malware Analysis, or Digital Forensics.
• Experience working with SRE, DevOps, or SecDevOps teams in a collaborative operational environment.
• Relevant certifications such as GCIA, GCIH, GCFA, CISSP, or equivalent.
• Experience with scripting (Python, Bash, PowerShell) and automation frameworks.
• Prior experience managing or mentoring technical teams within a security function.

6-Month Accomplishments

• Consistently oversee and ensure timely execution of security incident investigation, containment, eradication, and recovery. Validate that incidents are fully resolved and documented, with lessons learned integrated into SOC processes.
• Maintain awareness of the evolving threat landscape by leveraging threat intelligence feeds, conducting regular research, and engaging with the security community.
• Deliver new high-fidelity detections and mature, actionable incident response playbooks for key attack scenarios. Ensure the SOC team is trained and aligned on newly implemented processes.

12+ Month Accomplishments

• Achieve measurable reductions in Mean-Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR) through strategic automation, improved workflows, and optimized tooling.
• Demonstrably improve the organization’s overall security operations posture by continuously enhancing detection logic, developing high-fidelity alerts, and maintaining an up-to-date library of incident response playbooks.
• Successfully lead medium- and large-scale projects aimed at strengthening security visibility, detection maturity, threat-hunting effectiveness, and SOC operational excellence.
• Establish a robust automation framework that integrates SOAR, scripts, and cloud-native tooling to streamline detection, enrichment, and response at scale.