Calix provides the cloud, software platforms, systems and services required for communications service providers to simplify their businesses, excite their subscribers and grow their value.
We are seeking a highly skilled Sr Manager, Security Operations Center (SOC) to lead and advance SOC operations across our enterprise and product environments. This pivotal role is responsible for overseeing daily SOC activities, including threat detection and response, proactive threat hunting, advanced detection engineering, threat intelligence analysis and integration, security validation, deployment and management of deception technologies, and driving automation initiatives such as AI and SOAR within the SOC. The Sr Manager will also be instrumental in developing and maturing SOC forensic capabilities.
This position combines technical expertise, program management, and people leadership, with a focus on developing talent through continuous learning, mentorship, and clear career progression opportunities.
Responsibilities and Duties:
Team Leadership & Development
Provide people leadership and coaching for the Security Operations team, supporting skill development, managing performance, and fostering a culture of quality, continual growth, and teamwork.
Conduct regular one-on-ones, provide constructive feedback, and create clear career development plans that help the SOC team advance their technical and soft skills.
Drive outcomes by managing project priorities, deadlines, and deliverables while establishing our culture focused on being results oriented.
Manage relationships with external security vendors and partners, ensuring effective service delivery and technology adoption.
Strategy & Business Impact
Assist in developing and implementing a comprehensive SOC strategy and roadmap aligned with Calix’s overall goals and risk appetite.
Define, document, and implement a SOC management and maturity framework.
Cross-Functional Technical Partnership
Act as a key liaison and trusted advisor to internal stakeholders on SOC-related matters.
Collaborate with leaders and security champions across Product, Development, IT-Ops, and Service Desk to embed security into operational workflows and instill security monitoring best practices.
Act as the technical security expert in cross-functional engagements; influence architectural decisions to enhance detectability and resilience.
Metrics & Reporting:
Strategic: Develop SOC maturity metrics and dashboards to measure detection coverage, response times, and business risk reduction.
Operational: Define, collect, and analyze key security performance and risk metrics (KPIs and KRIs) to measure SOC effectiveness and drive continuous improvement.
Establish executive reporting that translates technical incidents into business impact while maintaining a blameless culture focused on systemic improvements.
Collect SOC metrics with the ability to track overall SOC spend and health.
Operational Excellence:
Become the frontline SOC service offering lead - offer technical security support and guidance to employees, serving as a trusted resource and escalation point for operational and help desk security issues.
Drive weekly operations panel reviews that ensure nothing falls through the cracks while building institutional knowledge and defining repeatable processes from every incident.
Define operational procedures that maintain 24/7 MDR coverage and sustainable on-call rotations for escalations.
Support compliance and audit activities by providing SOC evidence and ensuring alignment with our compliance programs.
SOC Service Offering Technical Expertise Lead
Security Operations Center (SOC) Leadership
Own and evolve the SOC service offering, including threat detection, threat intel, threat hunting, detection engineering, incident response, security validation, deception, security automation, digital forensics and serving as the primary liaison for Calix’s MDR partnership.
Incident Response:
Lead the lifecycle of escalated incidents from detection to resolution.
Conduct root cause analysis, impact assessments, and produce detailed incident reports.
Plan and execute technical tabletop exercises to improve readiness.
Threat Intelligence:
Deliver actionable intelligence by funneling threat intel into multiple solution blocklists, threat hunting hypotheses, and detection logic backlog.
Manage brand protection takedown requests.
Threat Hunting:
Apply structured frameworks to develop and execute threat hunting hypotheses.
Translate hunt results into new detection logic and response strategies.
Detection Engineering:
Implement Detection-as-Code practices with centralized repositories and deployment pipelines.
Maintain and prioritize the detection backlog based on threat landscape and business needs.
Security Automation & Innovation:
Champion the use of AI and automation to enhance CDC efficiency and effectiveness.
Evaluate and integrate advanced technologies (e.g., SIEM, SOAR, EDR/XDR) to strengthen detection and response.
Security Validation:
Utilize attack emulation tools to assess log coverage, correct detection logic, and test control effectiveness.
Integrate security validation testing into Detection-as-Code pipelines for rule verification and tuning.
Deception Technologies:
Deploy and manage deception strategies (honeypots, honeytokens) to detect stealthy adversaries.
Use deception telemetry to inform threat detection and incident response.
Digital Forensics:
Lead forensic investigations, including evidence acquisition, analysis, and reporting.
Use industry-standard tools to support post-incident analysis and legal/regulatory requirements.
Qualifications:
Bachelor's degree in Information Systems, Computer Science or similar.
8+ years of experience in information security operations with an additional 3+ years in a leadership role.
Experience leading security operations functions, preferably leading a SOC or MDR function.
Comprehensive knowledge of cloud security operations across Azure, AWS and preferably GCP.
Advanced proficiency with the Microsoft Azure security stack including MS Sentinel, Defender XDR, Defender for Cloud, with demonstrated expertise in KQL.
Strong understanding of security operations and SOC capabilities and how the different parts interact and work with each other.
Proven ability to create sustainable team cultures where team members thrive long-term rather than burning out on repetitive tasks.
Ability to assess stakeholder needs, creatively approach solutions, and to select and influence appropriate courses of action.
Strong communication skills to simplify and deliver technical content across all organizational levels.
Strong history of taking full ownership of programs and delivering impactful results.
Demonstrated ability to develop data-driven dashboards to measure program effectiveness and deliver outcomes.
Excellent project and time management skills with the ability to manage multiple initiatives simultaneously.
Preferred:
Experience with GCP and Google SecOps.
Experience with delivering or developing role-based security training tailored for technical audiences, such as system administrators, engineers, and developers.
Experience with tools like Power BI to visualize and communicate program metrics effectively.
Experience with MITRE ATT&CK, Purple Teaming, and cloud-native detection.
Experience with AI/ML-driven SOC tools.
Location: India (flexible hybrid work model - work from Bangalore office for 20 days in a quarter)