Role Overview
We are seeking a highly experienced and technically strong SOC Manager to lead and evolve our Security Operations Center into a mature, engineering-driven, and outcome-focused capability in an AI-driven world.
This role requires a hybrid leader who can:
- Drive 24x7 SOC operations excellence
- Own SIEM/SOAR engineering and the detection lifecycle
- Collaborate closely with Product and Development teams
- Influence platform enhancements through operational intelligence
- Build and mentor high-performing security teams
- Highlight risks and gaps in logging methodologies
- Improve security posture across multi-tenant cloud and on-prem environments
Key Responsibilities
1. SOC Operations Leadership & Incident Governance
- Lead 24x7 SOC operations including detection, triage, escalation, containment, and recovery.
- Serve as final escalation point (L3/L4) for complex and high-severity incidents.
- Define and enforce an incident response lifecycle aligned with NIST, ISO 27001, and MITRE ATT&CK.
- Ensure adherence to SLA / OLA targets (MTTA, MTTR, containment time).
- Conduct executive-level incident briefings and publish detailed RCA reports.
- Ensure compliance with organizational security policies and audit requirements.
- Oversee case quality assurance and investigation standards.
2. SOC Engineering & Detection Engineering
- Own SIEM/SOAR architecture optimization and performance tuning.
- Lead log onboarding strategy (cloud, on-prem, hybrid environments).
- Ensure proper log normalization, parsing, enrichment, and correlation.
- Drive the full detection use-case lifecycle:
  - Threat modelling
  - Use-case creation
  - Validation & tuning
  - Performance measurement
  - Decommissioning of ineffective rules
- Reduce alert fatigue through risk-based alerting, contextual enrichment, and behavioural analytics.
- Implement detection-as-code practices with version-controlled rule management.
- Ensure high ingestion performance and scalable log retention strategies.
3. Threat Hunting & Advanced Analysis
- Establish and lead proactive threat hunting programs.
- Map detection coverage against the MITRE ATT&CK framework.
- Perform advanced investigations including:
  - Packet capture analysis
  - Endpoint telemetry analysis
  - Log correlation across multiple data sources
- Integrate threat intelligence feeds and manage the IOC lifecycle.
- Identify emerging attack patterns and update detection coverage accordingly.
4. Product Engineering & Platform Enhancement Ownership
- Act as the primary SOC liaison for Product and Engineering teams.
- Translate operational pain points into structured enhancement requirements.
- Maintain and prioritize a backlog of platform improvements.
- Provide structured feedback on:
  - Detection gaps
  - Alert noise
  - Data ingestion latency
  - Query performance issues
  - UX inefficiencies impacting analysts
- Participate in sprint planning and architecture discussions and provide inputs for enhancements.
- Take part in pilot validation of new features prior to production release.
- Quantify the impact of enhancements (false positive and incident reduction %, MTTR improvement, automation coverage growth).
5. Client Onboarding & Security Architecture Oversight
- Lead secure onboarding of customers across:
  - AWS / Azure / GCP
  - On-prem data centers
  - Hybrid architectures
- Conduct log gap assessments and telemetry validation.
- Align detection coverage to client risk profiles.
- Participate in customer governance calls and QBRs.
- Provide architectural recommendations to improve customer security posture.
6. Team Leadership & Capability Development
- Lead, mentor, and manage L1/L2/L3 analysts.
- Establish a skill matrix and structured career progression roadmap.
- Conduct periodic case audits and performance reviews.
- Develop training programs in:
  - Advanced detection engineering
  - Threat hunting
  - Forensics
  - Automation
- Drive hiring, onboarding, and succession planning.
- Build a high-performance, accountability-driven culture.
7. Metrics, Reporting & Continuous Improvement
- Define and monitor SOC KPIs:
  - MTTA / MTTR
  - False positive ratio
  - Detection accuracy
  - Automation coverage
  - Incident recurrence rate & reasoning
- Publish monthly executive dashboards.
- Conduct quarterly SOC maturity assessments.
- Drive a continuous improvement roadmap aligned with business growth.
Mandatory Technical Skills
- 10–12 years of cybersecurity experience.
- Minimum 4–5 years in a SOC Lead / SOC Manager role.
- Strong hands-on experience in at least one SIEM platform:
  - Splunk / Sentinel / QRadar / Elastic / AlienVault / DNIF / McAfee ESM.
- Experience implementing SOAR automation.
- Deep understanding of:
  - Network security (Firewall, IDS/IPS, WAF)
  - EDR/XDR platforms
  - Cloud security (AWS, Azure)
  - Identity & Access Management
- Strong knowledge of:
  - MITRE ATT&CK & Defend
  - NIST & NIST IR Framework
  - Defense-in-Depth architecture
- Experience with query writing and log analysis on SIEM technologies.
Preferred Technical & Engineering Skills
- Scripting (Python / PowerShell / Bash) would be an added advantage.
- Exposure to DevSecOps environments.
- Knowledge of container, Kubernetes, and cloud security.
- Data analytics for anomaly detection.
- Familiarity with compliance frameworks:
  - ISO 27001
  - SOC 2
  - PCI-DSS
  - HIPAA
Certifications (Preferred)
- CISSP / CISM
- CEH
- CompTIA Security+
- GIAC Certifications (GCIA / GCIH / GCED)
- Cloud Security Certifications (AWS / Azure / GCP / Oracle)
Leadership Competencies
- Strong executive communication and stakeholder management.
- Ability to manage high-pressure incidents.
- Strategic thinking with operational excellence.
- Engineering mindset with product-oriented thinking.
- Strong documentation and governance discipline.
Work Model
- Mandatory 5-day work from office (Bangalore or Mumbai).
- On-call availability during major incidents or IR situations.