At Armor, we are committed to making a meaningful difference in securing cyberspace. Our vision is to be the trusted protector and de facto standard that cloud-centric customers entrust with their risk. We strive to continuously evolve to be the best partner of choice, breaking norms and tirelessly innovating to stay ahead of evolving cyber threats and reshaping how we deliver customer outcomes. We are passionate about making a positive impact in the world, and we are looking for highly skilled and experienced talent to join our dynamic team.
Armor has unique offerings to the market so customers can a) understand their risk, b) leverage Armor to co-manage their risk, or c) completely outsource their risk to Armor.
Learn more at: https://www.armor.com
Armor is seeking an Incident Response and Security Operations Technical Leader to serve as the senior technical authority for our managed security practice in Pune. This role operates at the practice level, cooperating with a US-based peer, defining incident response methodology, leading detection strategy, shaping the expanded operational scope of the SOC, and driving the highest-impact customer engagements. The Technical Leader actively leads strategic projects to operationalize new customer-facing capabilities across vulnerability management, control validation, data security, security technology, and policy management. As the technical apex of the Incident Response and Security Operations (SOC) organization, this role mentors the entire team, influences cross-functional roadmaps, and represents Armor's security expertise to customers, partners, and industry forums.
Additional duties may be assigned as required.
- Define and continuously evolve incident response methodology, detection strategies, and consultation frameworks across the practice.
- Lead strategic customer engagements requiring senior technical consultation on incident response, threat landscape, and security architecture.
- Actively lead the most complex and highest-impact projects to operationalize new customer-facing SOC capabilities; set delivery standards across the practice.
- Serve as the ultimate technical escalation point for the most complex triage or incident investigations requiring advanced forensic analysis or threat research.
- Architect detection and response capabilities: SIEM optimization, SOAR workflow design, and threat detection use-case strategy.
- Build agentic AI capabilities to automate operations and drive the level of effort of the team towards supporting higher value customer engagement and decision making.
- Consult with customer executives on security strategy, risk posture, and program maturity.
- Evaluate and recommend, considering build vs. buy modalities, emerging technologies including AI/ML-assisted detection, automated response, and cloud-native security capabilities.
- Own the practice-level knowledge management strategy; ensure the SOC's collective knowledge is captured, current, and continuously enriched.
- Define cross-functional handoff standards and escalation protocols between the SOC and Engineering, Product, and Customer Success teams.
- Mentor the entire security operations organization; identify technical talent development needs and build programs to address them at scale in cooperation with management.
- Champion professional development across the practice; define certification roadmaps and create continuing education structures for all tiers.
- Collaborate cross-functionally with Engineering, Product, and Customer Success to align service capabilities with customer needs and market direction.
- Develop and deliver advanced training on analytical techniques, consultation skills, and emerging threats.
- Represent Armor's technical capabilities to customers, partners, and industry forums.
- Engage customers directly via video, phone, chat, and executive briefings; model the consultative standard for the entire team.
- Expert-level proficiency in incident response methodology, detection engineering, and security architecture.
- Deep expertise in cloud security across Azure, AWS, and VMware, including cloud-native threat detection and response.
- Expertise in multiple security technologies, including but not limited to Microsoft Sentinel, Microsoft Defender XDR, Microsoft Purview, QRadar, WAF (F5 preferred), and ChaosSearch.
- Advanced threat hunting and forensic analysis skills; ability to lead investigations of sophisticated APT-level attacks.
- Strong programming skills (Python, PowerShell, KQL) for automation, tooling development, and detection content.
- Proficiency with agentic AI tools (Claude, OpenAI Codex, or equivalent); strategic vision for AI/ML integration across security operations.
- Effective presence with ability to consult constructively with management and executive stakeholders across video, phone, and written channels.
- Deep expertise across all SOC operational domains: vulnerability management, control validation, security technology management, and policy management.
- Strategic vision for evolving the SOC from reactive IR to a proactive, full-scope security consultancy.
- Strong leadership, mentoring, and cross-functional collaboration skills.
- Excellent English written and verbal communication for customer deliverables, presentations, and internal influence.
- 8+ years of experience in incident response, security consulting, or detection engineering with progressive technical leadership.
- Required certifications within 12 months: AZ-500, SC-200, SC-300, SC-401.
- Certifications required: GCIH and GCFA, or equivalent.
- Certifications preferred: CISSP, GREM, GNFA, OSCP.
- Bachelor's Degree in Information Technology, Cybersecurity, or related field required; Master's preferred; equivalent experience accepted.
- Sustained record of growing technical talent and advancing team capabilities through mentoring, training design, and continuing education.
Join Armor if you want to be part of a company that is redefining cybersecurity. Here, you will have the opportunity to shape the future, disrupt the status quo, and be a part of a team that celebrates energy, passion, and fresh thinking. We are not looking for someone who simply fills a role. We want talent who will help us write the next chapter of our growth story.
- Commitment to Growth: A growth mindset that encourages continuous learning and improvement with adaptability in the face of challenges.
- Integrity Always: Sustain trust through transparency and honesty in all actions and interactions regardless of circumstances.
- Empathy In Action: Active understanding, compassion, and support for the needs of others through genuine connection.
- Immediate Impact: Taking initiative with swift, informed actions to deliver positive outcomes.
- Follow-Through: Dedication to delivering finished results with attention to quality and detail to achieve the desired outcomes.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually low to moderate. This is an in-office position based at one of our SOC locations.
Equal opportunity employer — it is the policy of the company to comply with all employment laws and to afford equal employment opportunity to individuals in all aspects of employment, including in selection for job opportunities, without regard to race, color, religion, sex, national origin, age, disability, genetic information, veteran status, or any other consideration protected by federal, state, or local laws.