Lead SOC Engineer

Lead SOC Engineer

Work Experience: 9 to 15 Years

Work Timing: EST Hours – US work timing

Work Location: Chennai, Pune, Bangalore – Work from office/Hybrid

Key Responsibilities:

1. Security Tool Engineering & Management

● Lead the design, implementation, and maintenance of core security platforms, including SIEM, EDR or XDR, SOAR, and Threat Intelligence Platforms.

● Develop and fine-tune SIEM correlation rules, dashboards, alerts, and integrate new log sources.

● Manage and optimize EDR or MDR or Intune agents, ensure full coverage, and report and remediate tooling gaps.

● Oversee Cisco Umbrella monitoring, alert response, URL policy configurations, and tuning.

● Manage MDM or MAM or UEM platforms, including device enrollment, configuration, compliance, lifecycle, and app deployments.

● Support and maintain MFA tooling (Cisco Duo) and implement SSO integrations for applications.

● Perform certificate and public key infrastructure (PKI) administration.

2. Advanced Threat Detection, Monitoring & Hunting

● Implement proactive threat hunting methodologies across endpoints, cloud, and network.

● Conduct in-depth forensic analysis, log analysis, and packet analysis to detect sophisticated attacks.

● Monitor and respond to SIEM and EDR alerts during 12×5 operations with on-call escalation for critical alerts.

3. Vulnerability & Patch Management Governance

● Govern remediation activity from bi-weekly vulnerability scans and penetration tests.

● Coordinate with IT for patch management compliance across operating systems and applications.

4. Email Security Engineering (Proofpoint or SPF or DKIM orDMARC)

● Design, configure, and manage email security solutions to protect inbound or outbound mail.

● Monitor Proofpoint alerts, tune filters, and manage DLP policies.

5. Device Security, Compliance & Enrollment

● Manage device provisioning, enrollment, policy enforcement, and secure configuration baselines.

● Oversee BYOD security, selective wipe, mobile application security, and compliance enforcement.

6. Incident Response & Governance

● Lead incident triage, containment, eradication, and recovery actions.

● Conduct root cause analysis and provide executive-level reporting.

7. Governance, SOP Development & Compliance

● Create and maintain SOPs, KB articles, and documentation aligned to security frameworks.

● Participate in annual security audits, assisting with evidence gathering and auditor engagement.

8. Security Awareness & Training (KnowBe4 Governance)

● Oversee governance of KnowBe4 user awareness training, enrollment, and campaign assignments.

● Track compliance, escalate per SOP, and generate training & phishing metrics.

● Create awareness communications and align training with current threat trends.

9. Mentorship & Leadership

● Contribute to the security program strategy, technology evaluations, and process improvements.

● Conduct knowledge-sharing sessions and maintain internal training materials.

Required Qualifications:

● Minimum 8 years of experience in security engineering, operations, or similar role.

● Strong background in incident response, threat hunting, and device security management.

Technical Skills:

● Expert knowledge of security technologies including EDR, SIEM, MDM or UEM, MFA, PAM, DLP, and DNS filtering.

● Strong understanding of NIST CSF, CIS Controls, and MITRE ATT&CK.

Soft Skills:

● Excellent communication and documentation skills.

● Strong analytical abilities and high attention to detail.

● Ability to work in high-pressure environments and manage on-call escalations.

● Collaborative mindset with the ability to work cross-functionally.

Education & Certifications:

● Bachelor's degree or equivalent experience.

● Good to have certifications: CISSP, GIAC (GCIH, GCFA, GCTI), OSCP, or tool-specific certifications (Splunk, Sentinel, CrowdStrike, Intune, Proofpoint, Zscaler, CyberArk, etc.)