Role Overview
We are seeking a highly experienced and technically strong SOC Manager to lead and evolve our Security Operations Center into a mature, engineering-driven, and outcome-focused capability in an AI-driven world.
This Role Requires a Hybrid Leader Who Can
- Drive 24x7 SOC operations excellence
- Own SIEM/SOAR engineering & detection lifecycle
- Collaborate closely with Product & Development teams
- Influence platform enhancements through operational intelligence
- Build and mentor high-performing security teams
- Highlight risks and gaps in logging methodologies
- Improve security posture across multi-tenant cloud and on-prem environments
Key Responsibilities
- SOC Operations Leadership & Incident Governance
  - Lead 24x7 SOC operations including detection, triage, escalation, containment, and recovery.
  - Serve as final escalation point (L3/L4) for complex and high-severity incidents.
  - Define and enforce the incident response lifecycle aligned with NIST, ISO 27001, and MITRE ATT&CK.
  - Ensure adherence to SLA / OLA targets (MTTA, MTTR, containment time).
  - Conduct executive-level incident briefings and publish detailed RCA reports.
  - Ensure compliance with organizational security policies and audit requirements.
  - Oversee case quality assurance and investigation standards.
- SOC Engineering & Detection Engineering
  - Own SIEM/SOAR architecture optimization and performance tuning.
  - Lead log onboarding strategy (cloud, on-prem, hybrid environments).
  - Ensure proper log normalization, parsing, enrichment, and correlation.
  - Drive the full detection use-case lifecycle:
    - Threat modelling
    - Use-case creation
    - Validation & tuning
    - Performance measurement
    - Decommissioning of ineffective rules
  - Reduce alert fatigue through risk-based alerting, contextual enrichment, and behavioural analytics.
  - Implement detection-as-code practices with version-controlled rule management.
  - Ensure high ingestion performance and scalable log retention strategies.
- Threat Hunting & Advanced Analysis
  - Establish and lead proactive threat hunting programs.
  - Map detection coverage against the MITRE ATT&CK framework.
  - Perform advanced investigations including:
    - Packet capture analysis
    - Endpoint telemetry analysis
    - Log correlation across multiple data sources
  - Integrate threat intelligence feeds and manage the IOC lifecycle.
  - Identify emerging attack patterns and update detection coverage accordingly.
- Product Engineering & Platform Enhancement Ownership
  - Act as the primary SOC liaison for Product and Engineering teams.
  - Translate operational pain points into structured enhancement requirements.
  - Maintain and prioritize a backlog of platform improvements.
  - Provide structured feedback on:
    - Detection gaps
    - Alert noise
    - Data ingestion latency
    - Query performance issues
    - UX inefficiencies impacting analysts
  - Participate in sprint planning and architecture discussions and provide inputs for enhancements.
  - Be part of pilot validation of new features prior to production release.
  - Quantify the impact of enhancements (false positive & incident reduction %, MTTR improvement, automation coverage growth).
- Client Onboarding & Security Architecture Oversight
  - Lead secure onboarding of customers across:
    - AWS / Azure / GCP
    - On-prem data centers
    - Hybrid architectures
  - Conduct log gap assessments and telemetry validation.
  - Align detection coverage to client risk profiles.
  - Participate in customer governance calls and QBRs.
  - Provide architectural recommendations to improve customer security posture.
- Team Leadership & Capability Development
  - Lead, mentor, and manage L1/L2/L3 analysts.
  - Establish a skill matrix and structured career progression roadmap.
  - Conduct periodic case audits and performance reviews.
  - Develop training programs in:
    - Advanced detection engineering
    - Threat hunting
    - Forensics
    - Automation
  - Drive hiring, onboarding, and succession planning.
  - Build a high-performance, accountability-driven culture.
- Metrics, Reporting & Continuous Improvement
  - Define and monitor SOC KPIs:
    - MTTA / MTTR
    - False positive ratio
    - Detection accuracy
    - Automation coverage
    - Incident recurrence rate & reasoning
  - Publish monthly executive dashboards.
  - Conduct quarterly SOC maturity assessments.
  - Drive a continuous improvement roadmap aligned with business growth.
Mandatory Technical Skills
- 10–12 years of cybersecurity experience.
- Minimum 4–5 years in SOC Lead / SOC Manager role.
- Strong hands-on experience in at least one SIEM platform:
  - Splunk / Sentinel / QRadar / Elastic / AlienVault / DNIF / McAfee ESM
- Experience implementing SOAR automation.
- Deep understanding of:
  - Network security (Firewall, IDS/IPS, WAF)
  - EDR/XDR platforms
  - Cloud security (AWS, Azure)
  - Identity & Access Management
- Strong knowledge of:
  - MITRE ATT&CK & D3FEND
  - NIST & NIST IR Framework
  - Defense-in-Depth architecture
- Experience with query writing and log analysis on SIEM technologies.
Preferred Technical & Engineering Skills
- Scripting (Python / PowerShell / Bash) would be an added advantage.
- Exposure to DevSecOps environments.
- Knowledge of container, Kubernetes, and cloud security.
- Data analytics for anomaly detection.
- Familiarity with compliance frameworks:
  - ISO 27001
  - SOC 2
  - PCI-DSS
  - HIPAA
Certifications (Preferred)
- CISSP / CISM
- CEH
- CompTIA Security+
- GIAC Certifications (GCIA / GCIH / GCED)
- Cloud Security Certifications (AWS / Azure / GCP / Oracle)
Leadership Competencies
- Strong executive communication and stakeholder management.
- Ability to manage high-pressure incidents.
- Strategic thinking with operational excellence.
- Engineering mindset with product-oriented thinking.
- Strong documentation and governance discipline.
Work Model
- Mandatory 5-day work from office (Bangalore or Mumbai).
- On-call availability during major incidents or IR situations.