SOC Lead Manager Cyber Monitoring And Response

Job Title:

SOC Lead/Manager – Cyber Monitoring & Response

Job Description

We are seeking a highly skilled SOC Lead to oversee our Cyber Defence Operation Centre(CDOC), drive threat detection, and orchestrate incident response. This role demands deep technical expertise, strong leadership, and the ability to design and implement advanced security monitoring and response strategies.

The SOC Lead will be responsible for real-time monitoring, threat intelligence analysis, forensic investigations, and security automation, ensuring that the organization remains resilient against evolving cyber threats.

Location: [Gurgaon]

Job Type: Full-time | On-site/Hybrid

Reports To: Associate Director of Cyber Defence Operation Centre

Key Responsibilities:

SOC Operations & Security Monitoring

• Lead and manage the 24/7 Security Operations Center (SOC), ensuring continuous threat detection and response.
• Working extensively on SIEM (XSIAM. Arcsight, Splunk, QRadar, ELK, Sentinel, etc.) and other security monitoring tools.
• Oversee 24/7 monitoring of security events and alerts.
• Ensure effective use of SIEM (Security Information and Event Management) tools.
• Prioritize, analyze, and manage security incidents.
• Improve threat intelligence capabilities and integrate with threat intelligence feeds.Continuously optimize detection rules, correlation logic, and security alerts to minimize false positives and improve response times.
  
  

• Develop and enforce incident response plans (IRPs).
• Ensure timely response to cyber threats, minimizing impact.
• Coordinate with stakeholders during major incidents.
• Conduct post-incident analysis and lessons learned exercises.
  
  

• CrowdStrike Falcon – AI-powered threat detection with real-time response.
• Palo Alto XDR – Extended Detection and Response.
• Microsoft Defender for Endpoint – Integrated with Azure security solutions.
• – Behavioral AI-driven endpoint protection.
• Carbon Black (VMware) – Next-gen EDR with cloud analytics.
• Sophos Intercept X – Machine-learning-based ransomware prevention.
  
  

• Recorded Future – AI-driven threat intelligence analysis.
• MISP (Malware Information Sharing Platform) – Open-source threat sharing platform.
• Flashpoint Threat Intel
• Outseer AFCC ( Previously RSA)
• IBM X-Force Exchange – Intelligence-sharing with global threat data.
• Anomali ThreatStream – Automated threat intelligence processing.
• VirusTotal Enterprise – File and URL malware scanning with shared intelligence.
  
  

• Ensure compliance with security frameworks (ISO 27001, NIST, GDPR, etc.).
• Maintain accurate security logs and reports for audits.
• Prepare executive-level reports on security incidents and risk posture.
  
  

• Coordinate with Red Teams & Ethical Hackers to improve blue team defenses and detection coverage.
• Assist in purple teaming exercises to fine-tune SOC detection capabilities against adversarial TTPs.
• Leverage adversary emulation tools (Caldera, Atomic Red Team, MITRE CALDERA) to validate detection logic.
  
  

• Act as a key liaison between IT, legal, compliance, and business units.
• Coordinate with external security teams, vendors, and law enforcement.
• Conduct security awareness training for employees.
  
  

• Lead and mentor a team of SOC analysts (L1-L3), threat hunters, and DFIR specialists.
• Foster a culture of continuous learning, conduct CTF challenges, and ensure team certifications.
• Define KPIs & metrics to measure SOC effectiveness (MTTD, MTTR, False Positive Rates, etc.).
• Define SOC objectives, goals, and security strategies.
• Align SOC operations with business and IT security objectives.
• Lead, mentor, and train SOC analysts and security engineers.
• Develop and maintain SOC policies, procedures, and playbooks.
  
  

• Experience: 7+ years in cybersecurity, with at least 3 years in a SOC leadership role.
• SIEM & Log Analytics: XSIAM, ArcSight, Splunk, Elastic Stack (ELK), QRadar, Microsoft Sentinel
• Threat Intelligence: MITRE ATT&CK, Cyber Kill Chain, MISP, STIX/TAXII.
• Incident Response & Forensics: Volatility, Wireshark, FTK, EnCase, Sleuth Kit, YARA.
• Endpoint Security & EDR/XDR: CrowdStrike Falcon, Microsoft Defender, Palo Alto XDR, SentinelOne, Carbon Black.
• Cloud Security: AWS GuardDuty, Azure Security Center, Google Chronicle, CSPM, CNAPP.
• Compliance & Risk: NIST 800-53, ISO 27001, PCI-DSS, SOC2, GDPR, CIS Benchmarks.