Bangalore, Karnataka
Job Summary
PREFERRED CERTIFICATIONS\\\\r\\\\n\\\\r\\\\n· GCIH / GCIA / GMON / SEC504 or similar SANS / GIAC certifications\\\\r\\\\n\\\\r\\\\n· SC-200, AWS Security Specialty, Google Professional Cloud Security Engineer, Azure Security Engineer Associate\\\\r\\\\n\\\\r\\\\n· CEH, CySA+, Security+, CSA or equivalent SOC / IR certifications We are looking for a seasoned Incident Response / SOC Lead to drive security monitoring, threat detection, incident response, and operational maturity for enterprise-scale environments. The role requires strong leadership across incident handling, prioritization, stakeholder communication, major incident management, process governance, and continuous improvement of detection and response capabilities across cloud, endpoint, network, and application environments.
Key Responsibilities
Lead a 10-member SOC / Incident Response team responsible for security monitoring, incident triage, threat hunting, investigation, containment coordination, and remediation tracking. · Drive end-to-end Security Incident Response operations including detection, triage, validation, containment support, eradication, recovery, and post-incident follow-up for high severity incidents. · Own and lead major incident handling (P1 / P2), bridge calls, war-room discussions, stakeholder updates, escalations, and crisis management to minimize business impact. · Manage and provide technical oversight for security platforms such as CrowdStrike Falcon, Splunk ES, Cisco SSE, AWS, Azure / GCP, and related detection or response tooling. · Perform advanced investigation and threat hunting using SIEM technologies such as Splunk and Anvilogic, including log correlation, IOC analysis, pattern identification, and attack-path analysis. · Apply MITRE ATT&CK;, threat intelligence, and NIST-aligned incident response practices to guide investigations, threat hunting, and response improvements. · Lead root cause analysis and post-incident reviews, and deliver executive-ready incident reports with actionable remediation, lessons learned, and control enhancement recommendations. · Drive improvements in SOPs, incident playbooks, knowledge articles, escalation matrices, shift handovers, and technical documentation to standardize and mature operations. · Partner with global and cross-functional teams including cloud, platform, infrastructure, email security, identity, application, and business stakeholders during active incident response and remediation. · Lead tabletop exercises, incident simulations, and readiness assessments to validate response preparedness, improve decision making, and enhance analyst performance. · Monitor KPIs, SLAs, investigation timelines, alert acknowledgement metrics, and service quality indicators to ensure operational effectiveness and continuous improvement. · Mentor analysts, review investigations, guide use case tuning, and act as an escalation point for complex threats, critical incidents, and operational blockers
Skill Requirements
REQUIRED TECHNICAL SKILLS · Strong hands-on experience in Security Operations Center (SOC), Incident Response, and threat hunting domains. · Expertise in SIEM and detection technologies such as Splunk ES, Anvilogic, or equivalent platforms. · Hands-on knowledge of endpoint and cloud security tools including CrowdStrike Falcon and security capabilities across AWS, Azure, and GCP. · Strong understanding of network security concepts and protocols such as TCP/IP, DNS, HTTP/S, VPN, proxies, firewalls, IDS/IPS, and secure web gateways. · Experience handling endpoints, email threats, identity compromise, suspicious authentication patterns, malicious files, and anomalous behaviors. · Strong knowledge of NIST incident response framework, MITRE ATT&CK;, Cyber Kill Chain, and security operations best practices. · Experience with Linux environments and security analysis in hybrid, cloud, and enterprise environments. · Ability to create / tune detections, drive log source onboarding, improve visibility, and support forensic or evidence-based investigations. · Good working knowledge of ticketing / case management platforms such as ServiceNow or JIRA.
Other Requirements
PREFERRED SKILLS · Exposure to security automation, SOAR, KQL / SPL queries, and detection engineering. · Experience with packet analysis, malware triage, threat intelligence platforms, or container / Kubernetes security. · Experience supporting global stakeholders and operating in follow-the-sun or shift-based models. · Ability to present incident trends, dashboard metrics, and security posture updates to leadership. CANDIDATE PROFILE · 10+ years of overall cybersecurity experience with significant hands-on depth in incident response / SOC operations. · Prior experience leading analysts or small / mid-sized SOC teams in enterprise environments. · Strong analytical mindset and calm decision-making ability during high-pressure incidents and crisis situations. · Excellent written and verbal communication skills with ability to engage technical teams and leadership stakeholders effectively. · Bachelor’s degree in Computer Science, Information Security, Information Technology, or equivalent experience.
#body.unify div.unify-button-container .unify-apply-now: focus, #body.unify div.unify-button-container .unify-apply-#body.unify div.unify-button-container .unify-apply-now: focus, #body.unify div.unify-button-container .unify-apply-