Threat Detection and Response-Manager

Job Description :

• Lead and manage 24x7 Security Operations Center (SOC) activities, overseeing security operations, team performance, resource planning, and service delivery.
• Direct cybersecurity threat detection, analysis, assessment, and mitigation activities to safeguard enterprise infrastructure and critical business assets.
• Partner with IT Risk, Compliance, and Internal/External Audit teams to support security assessments, maintain audit readiness, and ensure compliance with organizational policies and regulatory requirements.
• Continuously identify, evaluate, and monitor emerging cyber threats, vulnerabilities, and risks to strengthen the organization's security posture and operational resilience.
• Lead the development, enhancement, and governance of SOC playbooks, ensuring standardized threat detection, monitoring, incident response, forensic investigations, and containment processes aligned with industry best practices.
• Design, develop, optimize, and manage Splunk security use cases, correlation rules, dashboards, alerts, and reporting to improve threat visibility and detection effectiveness.
• Drive continuous enhancement of SIEM and SOAR platforms by evaluating emerging technologies, automation opportunities, and cybersecurity best practices.
• Tune and optimize detection rules to improve alert fidelity, reduce false positives, and increase the efficiency of security monitoring operations.
• Collaborate with cross-functional technology and business teams to investigate security incidents, coordinate remediation efforts, and strengthen enterprise security controls.
• Mentor and guide SOC analysts and engineers, promoting technical excellence, knowledge sharing, and continuous improvement across security operations.

• Bachelor's degree in Business, Management, Computer Science, Cybersecurity, or a related discipline, with 8-10 years of experience in cybersecurity operations, threat management, or information security within global, matrix-managed organizations.
• Proven leadership experience with a minimum of 5 years managing security teams, driving operational excellence, mentoring analysts, and leading cross-functional initiatives.
• Extensive expertise in Cybersecurity Operations, Threat Detection & Response, Vulnerability Management, Incident Response, Digital Forensics, and Security Operations Center (SOC) functions.
• Strong technical knowledge of network security technologies, including Firewalls, IPS, WAF, VPN, Proxy, anomaly detection, host and network forensics, operating systems, and web application security.
• Hands-on experience with SIEM, SOAR, EDR, and forensic platforms, including Splunk, Splunk Enterprise Security, Phantom, CrowdStrike, Tanium, Microsoft Defender, EnCase, FTK, SIFT, Volatility, Wireshark, TCPDump, and Python.
• Experience securing hybrid and cloud environments (AWS, Azure, Google Cloud), with expertise in cloud security, application security, database security, endpoint security, and secure product development lifecycles.
• Deep understanding of security governance, risk management, vulnerability management, security architecture, and compliance, with experience conducting security assessments, audits, and risk evaluations.
• Strong knowledge of cybersecurity frameworks and industry standards, including MITRE ATT&CK, Cyber Kill Chain, NIST 800 Series, ISO 27001, SOC 2, FFIEC, FedRAMP, and CSA STAR.
• Demonstrated analytical and problem-solving capabilities with expertise in threat hunting, attack analysis, security event correlation across multiple data sources, executive reporting, KPI development, and operational metrics.
• Preferred experience in the Financial Services industry, supported by industry-recognized certifications such as CISSP, CISM, CySA+, CEH, GSEC, GCIA, GCFA, GCIH, EnCE, Splunk Certifications, or equivalent cybersecurity credentials.