SOC Lead
Location : Bangalore
Mode : Hybrid
Role Summary :
Lead and manage day-to-day SOC operations to ensure proactive detection and response to cyber threats.
Drive operational excellence, process maturity, and automation across SOC functions.
Coordinate incident response, threat intelligence, and security monitoring for enterprise or customer environments.
Key Responsibilities :
Manage and mentor SOC teams (L1&L3 analysts, incident responders).
Ensure 24x7 operational coverage through shift planning and monitoring.
Define and track SOC KPIs, SLAs, and performance metrics.
Conduct post-incident reviews and drive continuous improvement.
Ensure timely communication of incidents and status updates to leadership.
Oversee security monitoring across SIEM, SOAR, EDR, NDR, WAF, and cloud platforms.
Lead analysis, containment, eradication, and recovery during major incidents (P1 / P2).
Maintain and update incident response playbooks and escalation procedures.
Coordinate with IT and application teams for forensics and remediation.
Conduct threat hunting and root cause analysis using frameworks like MITRE ATT&CK.
Administer and optimize SIEM / SOAR solutions (e.g., Splunk, QRadar, Azure Sentinel).
Drive automation for repetitive SOC tasks using scripting or SOAR workflows.
Integrate new data sources and threat feeds into monitoring platforms.
Evaluate emerging technologies (XDR, UEBA, deception tools) for SOC enhancement.
Maintain dashboards and reports on SOC performance and threat trends.
Align SOC operations with frameworks (NIST, ISO 27001, GDPR, etc.).
Support compliance audits and reporting requirements.
Collaborate with GRC and risk teams for effective risk mitigation.
Prepare monthly / quarterly reports for management and stakeholders.
Serve as primary escalation point for security incidents.
Partner with CTI, Vulnerability Management, and Red Team functions.
Communicate security posture, incident impact, and recovery updates to leadership.
Conduct SOC awareness and readiness sessions for internal teams.
Qualifications & Skills :
Education & Certification :
Bachelor's / Master's in Computer Science, Cybersecurity, or related field.
Certifications (preferred) : CISSP, CISM, GCIA, GCIH, CEH, CompTIA Security+, SIEM vendor certs (e.g., Splunk, Sentinel).
Technical Expertise :
Strong understanding of SIEM / SOAR platforms and log management.
Endpoint and network detection tools.
Cloud security monitoring (AWS, Azure, GCP).
Threat hunting, malware analysis, and digital forensics.
Familiar with scripting (Python, PowerShell) for SOC automation.
Soft Skills :
Strong analytical, leadership, and decision-making skills.
Excellent communication and stakeholder management.
Proven ability to handle high-pressure incident situations.
Experience :
10-12 years in cybersecurity operations.
Minimum 3-5 years in SOC leadership or management roles.
Experience in enterprise or MSSP SOC environments preferred.