Job Description

Role Overview

We are seeking a highly experienced and technically strong SOC Manager to lead and evolve our Security Operations Center into a mature, engineering-driven, and outcome-focused capability in an AI-driven world.

This Role Requires a Hybrid Leader Who Can

    • Drive 24x7 SOC operations excellence
    • Own SIEM/SOAR engineering & detection lifecycle
    • Collaborate closely with Product & Development teams
    • Influence platform enhancements through operational intelligence
    • Build and mentor high-performing security teams
    • Highlight risks and gaps in logging methodologies
    • Improve security posture across multi-tenant cloud and on-prem environments
Key Responsibilities

  • SOC Operations Leadership & Incident Governance
    • Lead 24x7 SOC operations including detection, triage, escalation, containment, and recovery.
    • Serve as final escalation point (L3/L4) for complex and high-severity incidents.
    • Define and enforce incident response lifecycle aligned with NIST, ISO 27001, and MITRE ATT&CK.
    • Ensure adherence to SLA / OLA targets (MTTA, MTTR, containment time).
    • Conduct executive-level incident briefings and publish detailed RCA reports.
    • Ensure compliance with organizational security policies and audit requirements.
    • Oversee case quality assurance and investigation standards.
  • SOC Engineering & Detection Engineering
    • Own SIEM/SOAR architecture optimization and performance tuning.
    • Lead log onboarding strategy (cloud, on-prem, hybrid environments).
    • Ensure proper log normalization, parsing, enrichment, and correlation.
    • Drive the full detection use-case lifecycle:
      • Threat modelling
      • Use-case creation
      • Validation & tuning
      • Performance measurement
      • Decommissioning of ineffective rules
    • Reduce alert fatigue through risk-based alerting, contextual enrichment, and behavioural analytics.
    • Implement detection-as-code practices with version-controlled rule management.
    • Ensure high ingestion performance and scalable log retention strategies.
  • Threat Hunting & Advanced Analysis
    • Establish and lead proactive threat hunting programs.
    • Map detection coverage against MITRE ATT&CK framework.
    • Perform advanced investigations including:
      • Packet capture analysis
      • Endpoint telemetry analysis
      • Log correlation across multiple data sources
    • Integrate threat intelligence feeds and manage IOC lifecycle.
    • Identify emerging attack patterns and update detection coverage accordingly.
  • Product Engineering & Platform Enhancement Ownership
    • Act as the primary SOC liaison for Product and Engineering teams.
    • Translate operational pain points into structured enhancement requirements.
    • Maintain and prioritize a backlog of platform improvements.
    • Provide structured feedback on:
      • Detection gaps
      • Alert noise
      • Data ingestion latency
      • Query performance issues
      • UX inefficiencies impacting analysts
    • Participate in sprint planning and architecture discussions, and provide input for enhancements.
    • Be part of pilot validation of new features prior to production release.
    • Quantify impact of enhancements (false positive & incident reduction %, MTTR improvement, automation coverage growth).
  • Client Onboarding & Security Architecture Oversight
    • Lead secure onboarding of customers across:
      • AWS / Azure / GCP
      • On-prem data centers
      • Hybrid architectures
    • Conduct log gap assessments and telemetry validation.
    • Align detection coverage to client risk profiles.
    • Participate in customer governance calls and QBRs.
    • Provide architectural recommendations to improve customer security posture.
  • Team Leadership & Capability Development
    • Lead, mentor, and manage L1/L2/L3 analysts.
    • Establish skill matrix and structured career progression roadmap.
    • Conduct periodic case audits and performance reviews.
    • Develop training programs in:
      • Advanced detection engineering
      • Threat hunting
      • Forensics
      • Automation
    • Drive hiring, onboarding, and succession planning.
    • Build a high-performance, accountability-driven culture.
  • Metrics, Reporting & Continuous Improvement
    • Define and monitor SOC KPIs:
      • MTTA / MTTR
      • False positive ratio
      • Detection accuracy
      • Automation coverage
      • Incident recurrence rate, with the root-cause reasoning behind repeat incidents
    • Publish monthly executive dashboards.
    • Conduct quarterly SOC maturity assessments.
    • Drive continuous improvement roadmap aligned with business growth.
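
As an added illustration of the detection use-case lifecycle and the KPIs listed above (this is example code written for this page, not SISA's tooling or the platform the role works on), the following Python harness treats detection rules as version-controlled data, replays each rule over a constructed, labelled sample of events, reports per-rule precision and the overall false positive ratio, flags rules that should be decommissioned, maps the surviving coverage to MITRE ATT&CK technique IDs, and computes MTTA and MTTR from constructed incident timestamps. All rule IDs, events, incident records and the `Rule` data structure are assumptions invented for the example.

```python
"""Detection-as-code validation harness (added example, not SISA's code).

Rules are plain data that would live as versioned files in a Git repo; each is
replayed over labelled sample events to get true/false positives, the false
positive ratio, ATT&CK coverage, and decommission candidates. MTTA/MTTR come
from incident timestamps. All rules, events and incidents below are constructed.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from statistics import mean


@dataclass(frozen=True)
class Rule:
    id: str
    title: str
    technique: str   # MITRE ATT&CK technique the rule is meant to cover
    log_source: str  # only events from this source are evaluated
    field: str       # event field the regex is applied to
    pattern: str     # regex, matched case-insensitively
    enabled: bool = True


# Constructed rule set with hypothetical IDs R001-R003.
RULES = [
    Rule("R001", "PowerShell encoded command", "T1059.001", "windows:process",
         "cmdline", r"powershell.*-enc(odedcommand)?\s+[A-Za-z0-9+/=]{20,}"),
    Rule("R002", "SSH login failure for invalid user", "T1110.001", "linux:auth",
         "msg", r"Failed password for invalid user"),
    Rule("R003", "Any nmap execution", "T1046", "linux:process",
         "cmdline", r"\bnmap\b"),
]

# Constructed, labelled validation events; 'malicious' is the ground truth.
EVENTS = [
    {"source": "windows:process", "malicious": True,
     "cmdline": "powershell.exe -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAKQA="},
    {"source": "windows:process", "malicious": False,
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"source": "linux:auth", "malicious": True,
     "msg": "Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2"},
    {"source": "linux:auth", "malicious": False,
     "msg": "Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2"},
    {"source": "linux:process", "malicious": False,   # approved vulnerability scanner
     "cmdline": "/usr/bin/nmap -sV 10.0.0.0/24"},
]

# Constructed incident records (ISO 8601, UTC) for the SLA metrics.
INCIDENTS = [
    {"id": "INC-1", "created": "2024-05-01T10:00:00",
     "acknowledged": "2024-05-01T10:07:00", "resolved": "2024-05-01T12:00:00"},
    {"id": "INC-2", "created": "2024-05-02T09:00:00",
     "acknowledged": "2024-05-02T09:03:00", "resolved": "2024-05-02T09:45:00"},
]


def evaluate(rules, events):
    """Replay every enabled rule; return {rule_id: {"tp", "fp", "precision"}}."""
    stats = {}
    for rule in rules:
        if not rule.enabled:
            continue
        rx = re.compile(rule.pattern, re.IGNORECASE)
        tp = fp = 0
        for ev in events:
            if ev["source"] != rule.log_source:
                continue
            if rx.search(ev.get(rule.field, "")):
                if ev["malicious"]:
                    tp += 1
                else:
                    fp += 1
        fires = tp + fp
        stats[rule.id] = {"tp": tp, "fp": fp,
                          "precision": tp / fires if fires else None}
    return stats


def false_positive_ratio(stats):
    """Share of all alerts that were false positives (the alert-fatigue KPI)."""
    tp = sum(s["tp"] for s in stats.values())
    fp = sum(s["fp"] for s in stats.values())
    return fp / (tp + fp) if tp + fp else 0.0


def decommission_candidates(stats):
    """Rules that never fired, or fired only on benign events."""
    return sorted(rid for rid, s in stats.items() if s["tp"] == 0)


def covered_techniques(rules, stats):
    """ATT&CK techniques with at least one rule that caught a malicious event."""
    return {r.technique for r in rules if r.id in stats and stats[r.id]["tp"] > 0}


def mtta_mttr_minutes(incidents):
    """Mean time to acknowledge and mean time to resolve, in minutes."""
    def minutes(start, end):
        return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 60
    mtta = mean(minutes(i["created"], i["acknowledged"]) for i in incidents)
    mttr = mean(minutes(i["created"], i["resolved"]) for i in incidents)
    return mtta, mttr
```

Run as a CI step on every pull request that changes a rule file, this harness turns the "validation & tuning" and "decommissioning" stages into a gate: R003 above fires only on the approved scanner, so it is reported as a decommission candidate and its technique (T1046) drops out of the coverage map, which is exactly the gap the ATT&CK mapping should surface.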
Mandatory Technical Skills

    • 10–12 years of cybersecurity experience.
    • Minimum 4–5 years in SOC Lead / SOC Manager role.
    • Strong hands-on experience in at least one SIEM platform:
      • Splunk / Sentinel / QRadar / Elastic / AlienVault / DNIF / McAfee ESM
    • Experience implementing SOAR automation.
    • Deep understanding of:
      • Network security (Firewall, IDS/IPS, WAF)
      • EDR/XDR platforms
      • Cloud security (AWS, Azure)
      • Identity & Access Management
    • Strong knowledge of:
      • MITRE ATT&CK and MITRE D3FEND
      • NIST Cybersecurity Framework and NIST incident response guidance
      • Defense-in-Depth architecture
    • Experience with query writing and log analysis on SIEM technologies.
Preferred Technical & Engineering Skills

    • Scripting (Python / PowerShell / Bash) is an added advantage.
    • Exposure to DevSecOps environments.
    • Knowledge of container, Kubernetes, and cloud security.
    • Data analytics for anomaly detection.
    • Familiarity with compliance frameworks:
      • ISO 27001
      • SOC 2
      • PCI-DSS
      • HIPAA
Certifications (Preferred)

    • CISSP / CISM
    • CEH
    • CompTIA Security+
    • GIAC Certifications (GCIA / GCIH / GCED)
    • Cloud Security Certifications (AWS / Azure / GCP / Oracle)
Leadership Competencies

    • Strong executive communication and stakeholder management.
    • Ability to manage high-pressure incidents.
    • Strategic thinking with operational excellence.
    • Engineering mindset with product-oriented thinking.
    • Strong documentation and governance discipline.
Work Model

    • Mandatory 5-day work from office (Bangalore or Mumbai).
    • On-call availability during major incidents or IR situations.


Job Details

Role Level: Mid-Level
Work Type: Full-Time
Country: India
City: Bengaluru, Karnataka
Company Website: https://www.sisainfosec.com
Job Function: Others
Company Industry/Sector: Computer and Network Security

What We Offer


Disclaimer: talentmate.com is only a platform to bring jobseekers and employers together. Applicants are advised to research the bona fides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advise against sharing personal or bank-related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@talentmate.com.

