Company
Date Published
Author
Ubani Balogun
Word count
888
Language
English
Hacker News points
3

Summary

SOCless is a serverless framework for automating security workflows so that threats can be investigated and handled quickly and at scale, letting organizations defend their customers more effectively. Twilio's Security Operations team built it to address the challenge of automating threat investigation and response procedures for a large business. SOCless is open source and provides a modular, extensible architecture that lets security teams concentrate on designing runbooks while the framework executes them quickly and reliably. It coordinates workflows with AWS Step Functions and integrates with security products or custom scripts through AWS Lambda functions, API Gateway endpoints, and DynamoDB tables. A companion Python library, socless_python, abstracts away the details of that architecture so developers can focus on implementing use cases. Twilio's Security Operations team has already used SOCless to automate a range of runbooks, including phishing email detection, anomaly investigation, and compliance auditing. The framework is designed to be easy to manage, extend, and adapt to a changing environment and threat landscape, making it a useful tool for organizations that need to scale their security incident response capabilities.
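The architecture summarized above, shown as an added example that is not SOCless's own code and is not part of the original post: a local simulation of how a Step Functions state machine coordinates Lambda-style integrations for a phishing-report runbook. Everything here is constructed for illustration: the runbook, the handler names, the sample event, the trusted-domain allowlist, and the `$.artifacts` / `$.results` state layout are assumptions, and no AWS service is called. What it shows is the contract the framework relies on: each Task state hands a Lambda a small parameter block resolved from the shared execution state, the Lambda returns a JSON result that is written back under its state name, and a Choice state branches on that result.

```python
"""Local simulation of a SOCless-style runbook (hypothetical example, not SOCless code).

A runbook is written in Amazon States Language (the JSON Step Functions consumes).
Task states name a handler that plays the role of a Lambda integration; results are
stored under $.results.<StateName> so later states can reference them by path.
"""
import json
from typing import Any
from urllib.parse import urlparse


def get_path(data: dict, path: str) -> Any:
    """Resolve a simple JSONPath such as '$.results.ScoreDomains.verdict' (dotted keys only)."""
    node = data
    for key in path.lstrip("$").strip(".").split("."):
        if key:
            node = node[key]
    return node


def set_path(data: dict, path: str, value: Any) -> None:
    """Write value at a dotted JSONPath, creating intermediate objects as needed."""
    keys = [k for k in path.lstrip("$").strip(".").split(".") if k]
    node = data
    for key in keys[:-1]:
        node = node.setdefault(key, {})
    node[keys[-1]] = value


def resolve_parameters(spec: dict, state: dict) -> dict:
    """Step Functions 'Parameters' semantics: keys ending in '.$' are paths into state."""
    return {
        (k[:-2] if k.endswith(".$") else k): (get_path(state, v) if k.endswith(".$") else v)
        for k, v in spec.items()
    }


def run_runbook(runbook: dict, handlers: dict, event: dict):
    """Execute the state machine locally; returns (final_state, list_of_visited_states)."""
    state = {"artifacts": {"event": event}, "results": {}}
    trail = []
    name = runbook["StartAt"]
    for _ in range(len(runbook["States"]) + 1):  # guard against accidental loops
        step = runbook["States"][name]
        trail.append(name)
        if step["Type"] == "Task":
            params = resolve_parameters(step.get("Parameters", {}), state)
            result = handlers[step["Resource"]](params)  # stands in for invoking a Lambda
            set_path(state, step.get("ResultPath", f"$.results.{name}"), result)
            if step.get("End"):
                return state, trail
            name = step["Next"]
        elif step["Type"] == "Choice":
            for choice in step["Choices"]:
                if get_path(state, choice["Variable"]) == choice["StringEquals"]:
                    name = choice["Next"]
                    break
            else:
                name = step["Default"]
        elif step["Type"] == "Succeed":
            return state, trail
        else:
            raise ValueError(f"unsupported state type {step['Type']}")
    raise RuntimeError("runbook did not terminate")


# --- Hypothetical integrations (each would be its own Lambda in a real deployment) ---
TRUSTED_DOMAINS = {"example.com"}  # constructed allowlist of corporate domains


def extract_domains(params: dict) -> dict:
    return {"domains": sorted({urlparse(u).hostname for u in params["urls"]})}


def score_domains(params: dict) -> dict:
    suspicious = [d for d in params["domains"] if d not in TRUSTED_DOMAINS]
    return {"suspicious": suspicious, "verdict": "malicious" if suspicious else "benign"}


def open_ticket(params: dict) -> dict:
    # Stand-in for a ticketing integration; a real Lambda would call the tracker's API.
    return {"ticket": {"summary": f"Phishing report from {params['reporter']}",
                       "iocs": params["suspicious"]}}


HANDLERS = {"extract_domains": extract_domains, "score_domains": score_domains,
            "open_ticket": open_ticket}

# Constructed runbook in Amazon States Language.
RUNBOOK = {
    "StartAt": "ExtractDomains",
    "States": {
        "ExtractDomains": {"Type": "Task", "Resource": "extract_domains",
                           "Parameters": {"urls.$": "$.artifacts.event.urls"},
                           "Next": "ScoreDomains"},
        "ScoreDomains": {"Type": "Task", "Resource": "score_domains",
                         "Parameters": {"domains.$": "$.results.ExtractDomains.domains"},
                         "Next": "IsMalicious"},
        "IsMalicious": {"Type": "Choice",
                        "Choices": [{"Variable": "$.results.ScoreDomains.verdict",
                                     "StringEquals": "malicious", "Next": "OpenTicket"}],
                        "Default": "Done"},
        "OpenTicket": {"Type": "Task", "Resource": "open_ticket",
                       "Parameters": {"reporter.$": "$.artifacts.event.reporter",
                                      "suspicious.$": "$.results.ScoreDomains.suspicious"},
                       "End": True},
        "Done": {"Type": "Succeed"},
    },
}

# Constructed sample alert from a user-reported-phishing mailbox.
SAMPLE_EVENT = {"alert_name": "phishing_report", "reporter": "alice@example.com",
                "urls": ["http://login-example.com.evil.test/verify", "https://example.com/docs"]}


def triage(event: dict):
    return run_runbook(RUNBOOK, HANDLERS, event)


if __name__ == "__main__":
    final_state, visited = triage(SAMPLE_EVENT)
    print(" -> ".join(visited))
    print(json.dumps(final_state["results"], indent=2))
```

The point of keeping each handler to "parameters in, JSON out" is that the runbook, not the code, owns the control flow: swapping the ticketing integration or inserting an enrichment step is a change to the state machine definition, which is the property the summary credits to SOCless's modular design.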