Experience: 10 to 12 years
Location: Bengaluru
Role Overview:
Lead and own the agile product organization for the internal Cyber Defense team (12 members), driving the product vision, roadmap, and outcomes to achieve measurable success in cybersecurity.
Key Responsibilities:
- Oversee 24x7 cyber defense operations (SOC), ensuring continuous monitoring, rapid incident response, and effective escalation management.
- Continuously enhance team capabilities across all owned domains, including EDR/XDR, SIEM, NDR, email security, cloud security (Azure), and identity threat detection (AD, Entra ID, CTI).
- Maintain a prioritized backlog of features, detections, playbooks, integrations, and control improvements.
- Develop, maintain, and continuously improve detection and response use-cases and playbooks.
- Coordinate and lead escalated security incidents and response activities, leveraging XDR/SIEM/SOAR toolsets where applicable.
- Conduct recurring technical audits, track remediation efforts, and drive continuous improvements.
- Report periodic KPIs related to security incidents, providing evidence when necessary for internal compliance or breach actions.
- Contribute to the development and delivery of Security Awareness programs and content organization-wide.
- Ensure comprehensive documentation of all activities and alignment with head office requirements.
Experience & Qualifications:
- Minimum 10 years of experience in cyber defense / SOC operations and management.
- At least 3 years in a leadership role, ideally combined with Product Owner responsibilities.
- Proven experience in large corporate environments with hands-on expertise in security tools (EDR, NDR, UTM Firewalls, SIEM, Email Security, etc.).
- Strong troubleshooting skills for medium to complex security issues, with the ability to analyze environments and collaborate closely with internal customers.
- Experience working in agile Scrum/SAFe-based organizations.
People Leadership & Technical Expertise:
- Experience in building and developing high-performing teams.
- Deep understanding of cyber defense / SOC operations, incident response lifecycle, and detection engineering, with a focus on continuous improvement.
- Hands-on experience with security platforms such as MS Entra & M365 Security, Sophos, Vectra, Elastic Security, or equivalent.
- Proficiency in mapping detections to MITRE ATT&CK and measuring detection coverage.
- Experience handling and troubleshooting escalated security incidents using XDR/SIEM/SOAR toolsets.
- Strong collaboration with client/server/network/cloud (M365/Azure) SMEs.
- Familiarity with ITSM tools and processes.
- Knowledge of ISO27001 and NIST standards and processes.
- Preferred certifications: CISSP, CISA, CCSP, Security+, or equivalent.
- Agile process certifications (SAFe or equivalent) are advantageous.
- Experience in red/purple teaming or threat hunting is a plus.