Vehicle SOC Manager

Leading the future in luxury electric and mobility

At Lucid, we set out to introduce the most captivating, luxury electric vehicles that elevate the human experience and transcend the perceived limitations of space, performance, and intelligence. Vehicles that are intuitive, liberating, and designed for the future of mobility.

We plan to lead in this new era of luxury electric by returning to the fundamentals of great design – where every decision we make is in service of the individual and environment. Because when you are no longer bound by convention, you are free to define your own experience.

Come work alongside some of the most accomplished minds in the industry. Beyond providing competitive salaries, we’re providing a community for innovators who want to make an immediate and significant impact. If you are driven to create a better, more sustainable future, then this is the right place for you.

Role Summary

We are seeking a Lead SOC Validation & Adversary Simulation Engineer to strengthen the effectiveness of our Security Operations Center (SOC / VSOC) by continuously validating detections, response workflows, and telemetry using adversary-informed testing techniques.

This role is SOC-owned and SOC-driven. The primary objective is to improve detection fidelity, reduce blind spots, and increase SOC readiness across vehicle, cloud, and other environments. Adversary simulation and Purple Team techniques are used as methods to harden SOC operations not as standalone Red Team activities.

Key Responsibilities

• SOC Detection Validation & Assurance (Primary Focus)

• Own continuous validation of SOC detections across:

• Vehicle telemetry and in-vehicle IDS

• Telematics and backend services

• Cloud APIs, and other supporting systems

• Validate alerts against realistic attacker behavior, not synthetic rules

• Identify:

• Detection gaps

• Signal quality issues

• Excessive false positives or low-value alerts

• Partner with SOC engineers to improve alert logic, correlation, and response playbooks

• Adversary Simulation in Support of SOC

• Design controlled adversary simulations to test SOC capabilities:

• API misuse and abuse

• Lateral movement

• Unauthorized diagnostics or ECU access

• Align scenarios to MITRE ATT&CK (Cloud API + Automotive)

• Coordinate with Red Team only when advanced exploitation is required

• SOC Telemetry & Signal Engineering

• Work with platform and product teams to:

• Improve log coverage and quality

• Define high-value security signals

• Reduce noisy or redundant telemetry

• Influence what gets logged, where, and why—from ECUs to cloud services

• Help SOC prioritize telemetry based on risk and detection value

• Incident Readiness & Response Validation

• Validate SOC incident response workflows through:

• Detection-driven exercises

• Tabletop scenarios informed by real attack paths

• Measure and improve:

• Mean Time to Detect (MTTD)

• Mean Time to Triage (MTTT)

• Mean Time to Respond (MTTR)

• Ensure SOC procedures align with real attack timelines

• Threat Modeling & Risk Alignment

• Leverage TARA / threat-modeling outputs to prioritize SOC coverage

• Ensure SOC monitoring aligns with:

• ISO/SAE 21434

• UNECE R155/R156

• Translate detection gaps into risk-based narratives for leadership and auditors

• Support audit evidence by demonstrating validated monitoring effectiveness

• Automation & Continuous SOC Validation

• Build or enhance SOC validation automation, including:

• Detection testing frameworks

• Alert replay and validation pipelines

• Coverage and maturity dashboards

• Integrate validation workflows into:

• SIEM

• SOAR

• CI/CD where applicable

• Reduce manual SOC testing and increase repeatability

• Metrics, Reporting & Leadership Communication

• Define SOC-focused KPIs such as:

• ATT&CK coverage by detection

• Detection efficacy over time

• Reduction in blind spots

• Produce clear SOC maturity and readiness reports

• Communicate findings to:

• SOC leadership

• Product security

• Engineering stakeholders

Required Qualifications

Technical Experience

• Cybersecurity with strong SOC, detection engineering, or incident response experience

• Deep understanding of:

• SOC operations and alert lifecycle

• Detection engineering and signal tuning

• Adversary techniques and kill chains

• Experience working with:

• SIEM and SOC tooling

• Cloud and API monitoring

• Network and system telemetry

• Strong scripting or automation skills (Python, Go, C)

Leadership & Collaboration

• Proven experience leading SOC improvement initiatives

• Ability to influence detection priorities across teams

• Strong written and verbal communication skills

• Comfortable presenting to leadership and auditors

Additional Compensation and Benefits: Lucid offers a wide range of competitive benefits, including medical, dental, vision, life insurance, disability insurance, vacation, and 401k. The successful candidate may also be eligible to participate in Lucid’s equity program and/or a discretionary annual incentive program, subject to the rules governing such programs. (Cash or equity incentive awards, if any, will depend on various factors, including, without limitation, individual and company performance.)

By Submitting your application, you understand and agree that your personal data will be processed in accordance with our Candidate Privacy Notice. If you are a California resident, please refer to our California Candidate Privacy Notice.

To all recruitment agencies: Lucid Motors does not accept agency resumes. Please do not forward resumes to our careers alias or other Lucid Motors employees. Lucid Motors is not responsible for any fees related to unsolicited resumes.