Job Description
Leadership & Collaboration
-
Lead and mentor SOC analysts and contractors, fostering a high-performance, growth-oriented culture.
-
Build strong working relationships across Cybersecurity, Technology, and Business teams to support global operations.
-
Act as an escalation point during major incidents, providing clear direction and timely communication.
-
Provide technical leadership during complex investigations, guiding analysts through attacker‑driven scenarios.
Security Operations & Incident Response
-
Oversee monitoring, triage, investigation, and response to security events across a global environment.
-
Direct end-to-end incident response activities and ensure high quality documentation and reporting.
-
Conduct proactive threat hunting to identify emerging risks and detection gaps.
-
Perform deep dive analysis using endpoint telemetry, network forensics, and memory artifacts when required.
-
Apply offensive security thinking to anticipate attacker behavior and strengthen detection engineering.
Operational Maturity & Process Improvement
-
Maintain and enhance SOC use cases, detection logic, runbooks, and playbooks.
-
Continuously tune alerts to improve fidelity and reduce noise.
-
Ensure detection logic is mapped to MITRE ATT&CK and reflects current adversary TTPs.
-
Lead incident simulations and postmortems, driving measurable improvements in SOC performance.
-
Develop metrics and dashboards to communicate risk posture and operational effectiveness.
-
Develop and manage shift schedules to ensure consistent 24/7 operational coverage.
Automation, Tooling & Advanced Capabilities
-
Partner with Security Platform Engineering and drive SOAR automation to streamline workflows and enable analysts to focus on advanced investigations.
-
Partner with Security Engineering to optimize tools, improve detection coverage, and enhance response capabilities.
-
Collaborate with Threat Intelligence and Assessment teams to strengthen monitoring and accelerate autonomous response.
Governance, Reporting & Threat Awareness
-
Prepare concise, actionable reports for leadership on incidents, trends, and recommended improvements.
-
Stay current with global threat developments and translate insights into operational enhancements.
-
Ensure alignment with internal policies and financial-sector regulatory expectations.
Education:
- Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field; equivalent professional experience considered.
-
Industry-recognized certifications such as GSEC, GCIA, CISSP, OSCP, CEH, or similar are advantageous.
-
Offensive security certifications such as OSEP, OSWE, GXPN, or CREST are highly desirable.
-
Advanced training in incident response, threat hunting, or digital forensics is a plus.
-
Training in malware analysis, exploit development fundamentals, or adversary simulation is a strong advantage.
Experience Required:
-
10+ years of experience in enterprise cybersecurity or within a reputable security consulting/managed services organization.
-
7+ years of hands-on experience in a Security Operations Center (SOC) supporting large-scale, complex environments.
-
Proven experience leading and developing technical teams, including performance management and mentoring.
-
Demonstrated success managing 24x7 operational environments and shift-based teams.
-
Strong background in incident response, including chain of custody processes, forensic tools, and structured investigation methodologies.
-
Practical experience with SOAR platforms and automation workflows; ability to drive efficiency through orchestration.
-
Experience with threat hunting methodologies, behavioral analytics, and detection engineering is preferred.
-
Prior exposure to financial services, regulatory expectations, or high security environments is highly desirable.
General Requirements:
-
Exceptional communication skills with the ability to influence stakeholders and translate technical issues into business risk.
-
Strong understanding of both offensive and defensive security principles, including attacker TTPs and modern detection strategies.
-
Comfortable diving deep into technical investigations and challenging teams with an attacker‑focused perspective.
-
Strong curiosity and passion for understanding how attackers operate and using that knowledge to strengthen defenses.
-
Demonstrated ability to drive measurable improvements in monitoring, detection, and response at scale.
-
Collaborative mindset-works effectively across global teams and incorporates diverse perspectives to solve complex problems.
-
Highly analytical with strong decision-making skills, especially under pressure or during high-severity incidents.
-
Calm, organized, and resilient when working with tight deadlines or rapidly evolving situations.
-
Proven track record of building trust, leading by example, and maintaining high ethical standards.
-
Ability to work the 14:00 - 23:00 IST shift, with flexibility to adjust based on business needs.
Reporting Relationships
There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.