
Job Description

Security Operations Center (SOC), Microsoft Sentinel, Microsoft Defender Suite, Cribl, Endpoint Detection and Response (EDR), Cloud Security, Network Detection and Response (NDR)

Description

GSPANN is hiring an SOC Manager to lead 24x7 Security Operations leveraging Microsoft Sentinel, Microsoft 365 Defender, and Cribl. The role focuses on driving SOC strategy, incident response, detection engineering, automation, and compliance alignment across cloud and enterprise environments.

Location: Hyderabad

Role Type: Full Time

Published On: 18 February 2026

Experience: 8 - 10 Years


Role and Responsibilities

  • Define and execute the SOC vision, operating model, and multi-year roadmap, leveraging Microsoft Sentinel, Microsoft 365 Defender, and Cribl.
  • Design and implement end-to-end SOC architecture integrating SIEM (Microsoft Sentinel), SOAR (Sentinel Playbooks and Azure Logic Apps), EDR (Defender for Endpoint), Defender for Cloud, NDR, Threat Intelligence platforms, and Cribl pipelines.
  • Align SOC strategy with business risks, emerging threats, and compliance frameworks such as NIST, ISO 27001, SOC 2, and PCI-DSS.
  • Drive SOC maturity from reactive to proactive and predictive using automation, analytics, AI capabilities, and threat intelligence.
  • Serve as the highest technical escalation authority for critical incidents detected through Sentinel or Defender.
  • Validate investigations, response actions, and Cribl-processed data pipelines to ensure accuracy and integrity.
  • Review and approve detection logic, analytics rules, hunting queries (KQL), and advanced threat use cases.
  • Oversee 24/7 SOC operations across the Microsoft Security ecosystem and Cribl data pipelines.
  • Establish and enforce SOPs, runbooks, playbooks, and escalation workflows to ensure operational consistency.
  • Identify and eliminate operational bottlenecks, visibility gaps, and data ingestion challenges.
  • Define, track, and optimize SOC KPIs including MTTA, MTTR, dwell time, and detection coverage while ensuring SLA compliance.
  • Lead continuous improvement initiatives using Sentinel Workbooks, automation analytics, Cribl dashboards, and threat-hunting insights.
  • Build SOC competency frameworks, define career paths, and lead hiring, onboarding, and certification programs.
  • Improve analyst efficiency by tuning alerts, implementing automation, and balancing workloads.
  • Lead SOC tool selection, integration, optimization, and vendor management with a focus on Microsoft Security and Cribl platforms.
  • Act as the executive liaison during major security incidents and deliver clear, risk-focused updates to leadership.
  • Ensure audit readiness by implementing structured evidence collection, compliance reporting, and regulatory documentation processes.

Skills And Experience

  • Demonstrate deep expertise in Microsoft Sentinel, including analytics rules, KQL hunting, workbooks, UEBA, and SOAR playbooks.
  • Demonstrate hands-on experience across the Microsoft Defender suite, including Defender for Endpoint, Defender for Cloud, Defender for Identity, and Defender for Office 365.
  • Apply strong knowledge of SIEM/SOAR architecture, detection engineering, log ingestion, and data connectors.
  • Exhibit advanced proficiency in Cribl Stream, including pipeline creation, data routing, transformation, and log cost optimization.
  • Demonstrate expert-level KQL skills for detection engineering and threat hunting.
  • Apply strong knowledge of Azure cloud security, identity security, Zero Trust architecture, and Microsoft Entra ID security features.
  • Lead incident response efforts using structured methodologies and a deep understanding of MITRE ATT&CK, cyber kill chain, and adversary TTPs.
  • Implement and operationalize compliance frameworks, including NIST, ISO 27001, SOC 2, and PCI-DSS.
  • Demonstrate hands-on experience with Azure Monitor, Log Analytics, Logic Apps, API integrations, and custom connectors.
  • Possess scripting expertise in PowerShell or Python to enable automation and orchestration.
  • Lead L1-L3 SOC teams with proven experience managing 24x7 operational environments.
  • Design and enforce SOC processes, including runbooks, SOPs, escalation models, and incident workflows.
  • Exhibit strong decision-making capability during high-severity security incidents.
  • Define and manage KPIs and SLAs aligned with business outcomes.
  • Demonstrate strong executive communication skills with the ability to translate technical risks into business impact.
  • Drive long-term SOC maturity through strategic planning and structured roadmap execution.
  • Hold Microsoft certifications such as SC-200, SC-300, SC-100, AZ-500; Cribl certifications are preferred.
  • Bring exposure to AI-driven detection, UEBA models, DevSecOps practices, and multi-cloud security environments (AWS/GCP).


Job ID: 143228803
