Role Overview
We are seeking a highly experienced and technically strong SOC Manager to lead and evolve our Security Operations Center into a mature, engineering-driven, and outcome-focused capability in an AI-driven world.
This role requires a hybrid leader who can:
Drive 24x7 SOC operations excellence
Own SIEM/SOAR engineering & detection lifecycle
Collaborate closely with Product & Development teams
Influence platform enhancements through operational intelligence
Build and mentor high-performing security teams
Highlight risks and gaps in logging methodologies
Improve security posture across multi-tenant cloud and on-prem environments
Key Responsibilities
1. SOC Operations Leadership & Incident Governance
Lead 24x7 SOC operations including detection, triage, escalation, containment, and recovery.
Serve as final escalation point (L3/L4) for complex and high-severity incidents.
Define and enforce incident response lifecycle aligned with NIST, ISO 27001, and MITRE ATT&CK.
Ensure adherence to SLA / OLA targets (MTTA, MTTR, containment time).
Conduct executive-level incident briefings and publish detailed RCA reports.
Ensure compliance with organizational security policies and audit requirements.
Oversee case quality assurance and investigation standards.
2. SOC Engineering & Detection Engineering
Own SIEM/SOAR architecture optimization and performance tuning.
Lead log onboarding strategy (cloud, on-prem, hybrid environments).
Ensure proper log normalization, parsing, enrichment, and correlation.
Drive full detection use-case lifecycle:
Threat modelling
Use-case creation
Validation & tuning
Performance measurement
Decommissioning of ineffective rules
Reduce alert fatigue through risk-based alerting, contextual enrichment, and behavioural analytics.
Implement detection-as-code practices with version-controlled rule management.
Ensure high ingestion performance and scalable log retention strategies.
3. Threat Hunting & Advanced Analysis
Establish and lead proactive threat hunting programs.
Map detection coverage against MITRE ATT&CK framework.
Perform advanced investigations including:
Packet capture analysis
Endpoint telemetry analysis
Log correlation across multiple data sources
Integrate threat intelligence feeds and manage IOC lifecycle.
Identify emerging attack patterns and update detection coverage accordingly.
4. Product Engineering & Platform Enhancement Ownership
Act as the primary SOC liaison for Product and Engineering teams.
Translate operational pain points into structured enhancement requirements.
Maintain and prioritize a backlog of platform improvements.
Provide structured feedback on:
Detection gaps
Alert noise
Data ingestion latency
Query performance issues
UX inefficiencies impacting analysts
Participate in sprint planning and architecture discussions, and provide inputs for enhancements.
Be part of pilot validation of new features prior to production release.
Quantify the impact of enhancements (false-positive and incident reduction percentages, MTTR improvement, automation coverage growth).
5. Client Onboarding & Security Architecture Oversight
Lead secure onboarding of customers across:
AWS / Azure / GCP
On-prem data centers
Hybrid architectures
Conduct log gap assessments and telemetry validation.
Align detection coverage to client risk profiles.
Participate in customer governance calls and QBRs.
Provide architectural recommendations to improve customer security posture.
6. Team Leadership & Capability Development
Lead, mentor, and manage L1/L2/L3 analysts.
Establish skill matrix and structured career progression roadmap.
Conduct periodic case audits and performance reviews.
Develop training programs in:
Advanced detection engineering
Threat hunting
Forensics
Automation
Drive hiring, onboarding, and succession planning.
Build a high-performance, accountability-driven culture.
7. Metrics, Reporting & Continuous Improvement
Define and monitor SOC KPIs:
MTTA / MTTR
False positive ratio
Detection accuracy
Automation coverage
Incident recurrence rate and the reasons behind it
Publish monthly executive dashboards.
Conduct quarterly SOC maturity assessments.
Drive continuous improvement roadmap aligned with business growth.
Mandatory Technical Skills
10–12 years of cybersecurity experience.
Minimum 4–5 years in SOC Lead / SOC Manager role.
Strong hands-on experience in at least one SIEM platform:
Splunk / Sentinel / QRadar / Elastic / AlienVault / DNIF / McAfee ESM.
Experience implementing SOAR automation.
Deep understanding of:
Network security (Firewall, IDS/IPS, WAF)
EDR/XDR platforms
Cloud security (AWS, Azure)
Identity & Access Management
Strong knowledge of:
MITRE ATT&CK & D3FEND
NIST frameworks, including the NIST Incident Response framework
Defense-in-Depth architecture
Experience with query writing and log analysis on SIEM technologies.
Preferred Technical & Engineering Skills
Scripting (Python / PowerShell / Bash) would be an added advantage.
Exposure to DevSecOps environments.
Knowledge of container, Kubernetes, and cloud security.
Data analytics for anomaly detection.
Familiarity with compliance frameworks:
ISO 27001
SOC 2
PCI-DSS
HIPAA
Certifications (Preferred)
CISSP / CISM
CEH
CompTIA Security+
GIAC Certifications (GCIA / GCIH / GCED)
Cloud Security Certifications (AWS / Azure / GCP / Oracle)
Leadership Competencies
Strong executive communication and stakeholder management.
Ability to manage high-pressure incidents.
Strategic thinking with operational excellence.
Engineering mindset with product-oriented thinking.
Strong documentation and governance discipline.
Work Model
Mandatory 5-day work from office (Bangalore or Mumbai).
On-call availability during major incidents or IR situations.