Those are workload specific roles, much like you can have custom roles/role Groups in Exchange Online. Even though Microsoft has been steadily adding new AAD roles and introducing some RBAC controls, they will likely never match the set of individual roles/role groups within the Security/Compliance center, and I don't believe they're aiming at that, either.
As for documentation, the set of Exchange role/role group management cmdlets applies. Though we have limited control over the SCC roles, compared to the Exchange ones.
And, we are also seeing some indications that Graph API endpoints are coming, eventually. The /roleManagement endpoint recently added support for the Exchange Online provider. SCC ones are the next logical step.