Primary Responsibilities
SOC Operations & Security Monitoring
Lead day-to-day 24x7 SOC operations
Oversee monitoring and investigation across:
CrowdStrike MDR / Falcon (SIEM, EDR, threat telemetry)
Proofpoint (Email security, phishing analysis, TAP s)
Palo Alto Firewalls (network s, session monitoring, threat prevention)
Ensure timely triage, classification, and escalation of s based on severity and business impact.
Validate MDR escalations and ensure alignment with internal response playbooks.
Correlate events across endpoint, email, network, and cloud telemetry to detect attack patterns and lateral movement.
Ensure proper logging retention standards are implemented and maintained.
Incident Response Leadership & Escalation
Ensure implementation, maintenance, and continuous improvement of the Cybersecurity Incident Response Plan (CIRP).
Lead investigation of high-priority and critical security incidents.
Coordinate response activities across IT, infrastructure, business units, Legal, HR, and Compliance.
Oversee containment, eradication, recovery, and post-incident review.
Ensure Root Cause Analysis (RCA) reports are completed for major incidents.
Provide escalation advisory and executive-ready summaries during major events.
Phishing, Email Security & Brand Protection Oversight
Oversee phishing investigations and campaign-level analysis using Proofpoint.
Approve blocking of malicious IPs, URLs, domains, and sender IDs.
Monitor large-scale phishing or impersonation campaigns and coordinate mitigation strategy.
Ensure Content Search & Purge processes are executed when required.
Threat Intelligence & Proactive Defense
Guide intelligence-driven threat hunting using TTP-based methodologies.
Lead proactive threat hunting using CrowdStrike telemetry and SIEM datasets.
Recommend improvements to incident classification matrix and severity assignment.
Collaborate with red/purple teams to validate detection capabilities and improve playbooks.
Firewall & Network Security Oversight (Palo Alto)
Oversee investigation of firewall s including session limit events, scanning attempts, and exploit activity.
Coordinate appropriate blocking on Palo Alto.
Coordinate with network teams for DoS policy tuning and traffic validation.
Monitor for suspicious ingress/egress traffic patterns and unauthorized access attempts.
Process, Documentation & Compliance
Oversee development and quarterly updates of operational runbooks.
Ensure SOC processes align with regulatory frameworks (ISO 27001, NIST, SOC 2, etc.).
Review and approve runbooks within defined timelines.
Support internal and external audits with timely documentation and evidence.
Reporting & Executive Communication
Deliver daily, weekly, and monthly SOC performance reports as directed.
Provide business-focused summaries on major incidents and emerging threats.
Translate technical findings into clear, executive-level impact statements.
Provide trend analysis across endpoint, email, and network security domains.
Key Expectations
Operate effectively in a 24x7 shift-based security environment.
Lead by example during high-pressure incidents.
Ensure consistent, high-quality incidents handling across all technologies.
Continuously improve detection, response, and operational maturity.
Serve as the escalation point for complex technical and operational security matters.
Required Qualifications
Experience
5–8+ years in security operations, incident response, or threat detection.
2–4 years in a SOC or IR role, with at least 2 years in a leadership or team‑lead capacity.
Hands‑on experience with SIEM platforms (CrowdStrike MDR), Proofpoint, EDR tools (CrowdStrike, Defender for Endpoint), and network security monitoring.
Technical Skills
Strong understanding of attack techniques and threat actor behaviors (MITRE ATT&CK).
Experience with log analysis, packet capture tools, and forensic techniques.
Basic scripting skills preferred (PowerShell, Python) for automation and investigation tasks.
Familiarity with cloud security, identity telemetry, and modern detection strategies.
Certifications (Preferred)
CompTIA Security+, CySA+, GCIA, GCIH, or equivalent.
CrowdStrike certifications (CCFA, CCFR, CCFH) are a plus.
Exposure to Red/Blue/Purple Team methodologies is beneficial.
Preferred Attributes
CrowdStrike certifications (CCFA, CCFR, CCFH).
Experience with SOAR platforms, SIEM tools, and cloud security monitoring.
Strong Incident analysis and reporting skills is a must.
Ability to work effectively in a fast‑paced, 24x7 SOC environment.
Excellent communication, leadership, and documentation skills.
Ability to translate technical findings into business‑relevant insights.