Location: India (Noida)
Experience: 610 years overall, 2+ years in SOC leadership
Reports To: Head of Cyber Defense / CISO
Role Summary
Own 247 SOC operations with deep expertise in log analysis and forensics. Lead detection engineering, incident handling, evidence management, and continuous improvement across people, process, and tooling.
Key Responsibilities
- Direct SOC operations: shift hygiene, SLA tracking, stakeholder comms, executive updates.
- Detection engineering and content tuning (KQL/ElasticQL/Sigma/SPL) for EDR, identity, email, and cloud.
- Lead high-severity incidents: scoping, containment, eradication, recovery, PIRs with actionable actions.
- Forensics & Evidence: acquisition (disk/mem/logs), chain-of-custody, timeline/triage, data integrity (hashing).
- Purple teaming, tabletop exercises, attack simulations; ATT&CK mapping and coverage metrics.
- Hiring, mentoring, and career development for analysts; run training and certifications plan.
Required Skills
- Hands-on with SIEM (Elastic/Splunk/Chronicle) and EDR/XDR (SentinelOne/CrowdStrike), email security, and cloud telemetry.
- Proficient in log analysis, correlation, and anomaly detection; comfortable with PCAP and memory triage tools.
- Strong knowledge of IR frameworks (NIST/ISO), evidence handling, and reporting to exec/board audiences.
- Excellent verbal and written communication under pressure.
Nice-to-Have
- Experience in regulated environments (fintech/edtech); knowledge of ISO 27001/27701, DPDP, RBI directions.
- SOAR design/maintenance; malware analysis fundamentals.
KPIs
- MTTD/MTTR, detection coverage & false-positive rate, PIR action closure, readiness drill scores, stakeholder satisfaction.
