SOC Manager
Role Overview
We are seeking a highly experienced and technically strong SOC Manager to lead and evolve our Security Operations Center into a mature, engineering-driven, and outcome-focused capability in an AI-driven world.
This role requires a hybrid leader who can:
• Drive 24x7 SOC operations excellence
• Own SIEM/SOAR engineering & detection lifecycle
• Collaborate closely with Product & Development teams
• Influence platform enhancements through operational intelligence
• Build and mentor high-performing security teams
• Highlight risks and gaps in logging methodologies
• Improve security posture across multi-tenant cloud and on-prem environments
Key Responsibilities
1. SOC Operations Leadership & Incident Governance
• Lead 24x7 SOC operations including detection, triage, escalation, containment, and recovery.
• Serve as final escalation point (L3/L4) for complex and high-severity incidents.
• Define and enforce an incident response lifecycle aligned with NIST, ISO 27001, and MITRE ATT&CK.
• Ensure adherence to SLA / OLA targets (MTTA, MTTR, containment time).
• Conduct executive-level incident briefings and publish detailed RCA reports.
• Ensure compliance with organizational security policies and audit requirements.
• Oversee case quality assurance and investigation standards.
2. SOC Engineering & Detection Engineering
• Own SIEM/SOAR architecture optimization and performance tuning.
• Lead log onboarding strategy (cloud, on-prem, hybrid environments).
• Ensure proper log normalization, parsing, enrichment, and correlation.
• Drive the full detection use-case lifecycle:
  • Threat modelling
  • Use-case creation
  • Validation & tuning
  • Performance measurement
  • Decommissioning of ineffective rules
• Reduce alert fatigue through risk-based alerting, contextual enrichment, and behavioural analytics.
• Implement detection-as-code practices with version-controlled rule management.
• Ensure high ingestion performance and scalable log retention strategies.
3. Threat Hunting & Advanced Analysis
• Establish and lead proactive threat hunting programs.
• Map detection coverage against the MITRE ATT&CK framework.
• Perform advanced investigations including:
  • Packet capture analysis
  • Endpoint telemetry analysis
  • Log correlation across multiple data sources
• Integrate threat intelligence feeds and manage IOC lifecycle.
• Identify emerging attack patterns and update detection coverage accordingly.
4. Product Engineering & Platform Enhancement Ownership
• Act as the primary SOC liaison for Product and Engineering teams.
• Translate operational pain points into structured enhancement requirements.
• Maintain and prioritize a backlog of platform improvements.
• Provide structured feedback on:
  • Detection gaps
  • Alert noise
  • Data ingestion latency
  • Query performance issues
  • UX inefficiencies impacting analysts
• Participate in sprint planning and architecture discussions, providing input on enhancements.
• Take part in pilot validation of new features before production release.
• Quantify impact of enhancements (false positive & incident reduction %, MTTR improvement, automation coverage growth).
5. Client Onboarding & Security Architecture Oversight
• Lead secure onboarding of customers across:
  • AWS / Azure / GCP
  • On-prem data centers
  • Hybrid architectures
• Conduct log gap assessments and telemetry validation.
• Align detection coverage to client risk profiles.
• Participate in customer governance calls and QBRs.
• Provide architectural recommendations to improve customer security posture.
6. Team Leadership & Capability Development
• Lead, mentor, and manage L1/L2/L3 analysts.
• Establish skill matrix and structured career progression roadmap.
• Conduct periodic case audits and performance reviews.
• Develop training programs in:
  • Advanced detection engineering
  • Threat hunting
  • Forensics
  • Automation
• Drive hiring, onboarding, and succession planning.
• Build a high-performance, accountability-driven culture.
7. Metrics, Reporting & Continuous Improvement
• Define and monitor SOC KPIs:
  • MTTA / MTTR
  • False positive ratio
  • Detection accuracy
  • Automation coverage
  • Incident recurrence rate and its root causes
• Publish monthly executive dashboards.
• Conduct quarterly SOC maturity assessments.
• Drive continuous improvement roadmap aligned with business growth.
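The detection use-case lifecycle in section 2 (validation & tuning, performance measurement, decommissioning of ineffective rules, all under detection-as-code) and the KPIs in section 7 (MTTA / MTTR, false positive ratio) are listed but not shown. The following Python harness is an added example, not code from this posting or the employer: rules are plain data with a version and an ATT&CK technique id so they can be reviewed and diffed in Git beside their labelled test events; each rule is scored on true and false positives and given a keep / tune / decommission verdict, and MTTA, MTTR and false-positive ratio are computed from incident records. Every field name, operator, rule, event and incident below is constructed for the example; the tiny matching language is an assumed subset of what a real rule format such as Sigma offers.

```python
"""Detection-lifecycle and SOC-metrics harness (added example, not from the posting)."""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean

# Minimal, case-insensitive matching operators (assumed subset of a real rule language).
OPERATORS = {
    "equals": lambda value, expected: value.lower() == expected.lower(),
    "contains": lambda value, expected: expected.lower() in value.lower(),
    "endswith": lambda value, expected: value.lower().endswith(expected.lower()),
}


@dataclass
class Rule:
    name: str
    version: str           # bumped on every tuning change, reviewed via Git
    technique: str         # MITRE ATT&CK technique id the rule covers
    selection: dict        # field -> (operator, expected); all conditions must match
    max_fp_ratio: float = 0.2


def rule_matches(rule, event):
    """True when every selection condition holds for the event."""
    for fld, (op, expected) in rule.selection.items():
        if fld not in event or not OPERATORS[op](str(event[fld]), expected):
            return False
    return True


def evaluate_rule(rule, labelled_events):
    """labelled_events: list of (event dict, is_malicious). Returns hit counts,
    the false-positive ratio among firings and a lifecycle verdict."""
    tp = fp = fn = 0
    for event, malicious in labelled_events:
        hit = rule_matches(rule, event)
        if hit and malicious:
            tp += 1
        elif hit:
            fp += 1
        elif malicious:
            fn += 1
    fired = tp + fp
    fp_ratio = fp / fired if fired else 0.0
    if tp == 0:
        verdict = "decommission"      # never catches what it targets
    elif fp_ratio > rule.max_fp_ratio:
        verdict = "tune"              # fires, but mostly on benign activity
    else:
        verdict = "keep"
    return {"tp": tp, "fp": fp, "fn": fn, "fp_ratio": fp_ratio, "verdict": verdict}


def review_rules(rules, labelled_events):
    """Run the whole rule set; returns {rule name: evaluation}."""
    return {r.name: evaluate_rule(r, labelled_events) for r in rules}


def _minutes(start, end):
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 60


def soc_metrics(incidents):
    """incidents: dicts with ISO-8601 'created', 'acknowledged', 'resolved' (None if not
    reached) and 'true_positive'. MTTA/MTTR are means in minutes over the incidents
    that reached that stage; fp_ratio is the share of incidents that were false positives."""
    tta = [_minutes(i["created"], i["acknowledged"]) for i in incidents if i["acknowledged"]]
    ttr = [_minutes(i["created"], i["resolved"]) for i in incidents if i["resolved"]]
    false_positives = sum(1 for i in incidents if not i["true_positive"])
    return {
        "mtta_min": mean(tta) if tta else None,
        "mttr_min": mean(ttr) if ttr else None,
        "fp_ratio": false_positives / len(incidents) if incidents else 0.0,
    }


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"  # constructed path
RULES = [
    Rule("encoded_powershell", "1.2.0", "T1059.001",
         {"Image": ("endswith", "powershell.exe"), "CommandLine": ("contains", "-enc")}),
    Rule("any_powershell", "1.0.0", "T1059.001",   # too broad: fires on admin scripts
         {"Image": ("endswith", "powershell.exe")}),
    Rule("legacy_wscript", "0.9.0", "T1059.005",   # never fires on this corpus
         {"Image": ("endswith", "wscript.exe")}),
]
# Constructed, labelled process-creation events (True = malicious).
EVENTS = [
    ({"Image": PS, "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"}, True),
    ({"Image": PS, "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"}, False),
    ({"Image": PS, "CommandLine": "powershell.exe Get-Process"}, False),
    ({"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"}, False),
    ({"Image": PS, "CommandLine": "powershell.exe -EncodedCommand SQBFAFgA"}, True),
]
# Constructed incident records for the KPI calculation.
INCIDENTS = [
    {"id": "INC-1", "created": "2024-05-01T10:00:00", "acknowledged": "2024-05-01T10:05:00",
     "resolved": "2024-05-01T11:00:00", "true_positive": True},
    {"id": "INC-2", "created": "2024-05-01T12:00:00", "acknowledged": "2024-05-01T12:15:00",
     "resolved": "2024-05-01T12:30:00", "true_positive": False},
    {"id": "INC-3", "created": "2024-05-02T09:00:00", "acknowledged": "2024-05-02T09:10:00",
     "resolved": None, "true_positive": True},
]

if __name__ == "__main__":
    for name, result in review_rules(RULES, EVENTS).items():
        print(f"{name:20s} {result}")
    print(soc_metrics(INCIDENTS))
```

Run as a CI job on every pull request that touches a rule file, the harness turns "validation & tuning" into a gate: a rule whose false-positive ratio exceeds its budget blocks the merge, and a rule that no longer fires on any true positive is surfaced for decommissioning rather than left to rot in the SIEM. The same labelled events double as regression tests when a rule is re-versioned.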
Mandatory Technical Skills
• 10–12 years of cybersecurity experience.
• Minimum 4–5 years in SOC Lead / SOC Manager role.
• Strong hands-on experience in at least one SIEM platform:
  • Splunk / Sentinel / QRadar / Elastic / AlienVault / DNIF / McAfee ESM
• Experience implementing SOAR automation.
• Deep understanding of:
  • Network security (Firewall, IDS/IPS, WAF)
  • EDR/XDR platforms
  • Cloud security (AWS, Azure)
  • Identity & Access Management
• Strong knowledge of:
  • MITRE ATT&CK and D3FEND
  • NIST frameworks, including the NIST incident response (IR) framework
  • Defense-in-depth architecture
• Experience with query writing and log analysis on SIEM technologies.
Preferred Technical & Engineering Skills
• Scripting (Python / PowerShell / Bash) is an added advantage.
• Exposure to DevSecOps environments.
• Knowledge of container, Kubernetes, and cloud security.
• Data analytics for anomaly detection.
• Familiarity with compliance frameworks:
  • ISO 27001
  • SOC 2
  • PCI-DSS
  • HIPAA
Certifications (Preferred)
• CISSP / CISM
• CEH
• CompTIA Security+
• GIAC Certifications (GCIA / GCIH / GCED)
• Cloud Security Certifications (AWS / Azure / GCP / Oracle)
Leadership Competencies
• Strong executive communication and stakeholder management.
• Ability to manage high-pressure incidents.
• Strategic thinking with operational excellence.
• Engineering mindset with product-oriented thinking.
• Strong documentation and governance discipline.
Work Model
• Five days a week in the office is mandatory (Bangalore or Mumbai).
• On-call availability during major incidents or IR situations.