Bengaluru, Karnataka
Job Summary
The Track Lead (Support & Operations) plays a pivotal role in managing security event investigations and implementing technical solutions within the organization. This position focuses on enhancing operational efficiencies, ensuring client satisfaction, and fostering a culture of continuous improvement and innovation among teams. The Track Lead is instrumental in aligning operational goals with organizational objectives while empowering teams to meet client SLAs effectively.
Incident Detection & Investigation
- Act as the L3/L4 escalation for confirmed and suspected security incidents
- Investigate incidents across:
  - Endpoint (EDR/XDR)
  - SIEM and log platforms
  - Network telemetry
  - Identity systems (AD / Entra ID)
  - Cloud environments (Azure, AWS, M365)
- Perform deep-dive analysis to identify:
  - Root cause
  - Attack vector
Threat-Informed Response
- Map attacker behavior to MITRE ATT&CK techniques
- Correlate incidents with:
  - Threat intelligence
  - Active campaigns
  - Known adversary TTPs
Key Responsibilities
1. Implement and optimize SOAR solutions to automate security event investigations, ensuring timely and accurate incident response while enhancing overall operational efficiency.
2. Develop and maintain comprehensive reporting systems using SIEM tools to provide insights into security incidents and operational performance, facilitating informed decision-making.
3. Lead and mentor the support team by fostering transparent communication of project goals and encouraging the adoption of best practices in security operations.
4. Collaborate with clients to thoroughly understand their security needs, ensuring the support team delivers tailored solutions that exceed client expectations.
5. Drive innovation by identifying opportunities for process improvements and implementing new ideas that enhance the effectiveness of security operations.
Skill Requirements
1. Strong proficiency in security event investigation and SOAR technologies.
2. In-depth knowledge of SIEM tools and their application in operational environments.
3. Excellent problem-solving abilities and a strong understanding of client relationship management.
4. Proven leadership skills with the ability to mentor and empower teams effectively.
- Strong experience with SIEM/SOAR platforms (Splunk, Microsoft Sentinel, XSIAM)
- Hands-on EDR/XDR experience (Microsoft XDR, CrowdStrike, SentinelOne, Palo Alto)
- Proficiency in:
  - KQL / SPL / advanced hunting queries
  - Log and telemetry correlation
- Deep understanding of:
  - Windows, Linux, macOS internals
  - Identity systems (AD, Entra ID)
  - Network fundamentals and attack techniques
- Familiarity with:
  - MITRE ATT&CK
  - NIST 800-61 (Incident Response)
Other Requirements
- Optional but valuable certifications: Certified Information Systems Security Professional (CISSP), Security+, or any relevant SOAR or SIEM certifications
- 5–10 years in SOC, Incident Response, or Cyber Defense roles
- Experience operating in 24×7 SOC environments
- Certifications (preferred):
  - GCIH, GCIA, GCED
  - SC-200, AZ-500, CISSP