Soc Manager

About ColorTokens ColorTokens specializes in advanced security solutions designed to safeguard organizations' assets and critical systems from cyber threats. Our flagship product, Xshield Enterprise Microsegmentation platform, empowers organizations to prevent initial compromises from escalating into damaging crises. By emphasizing proactive security measures, ColorTokens ensures comprehensive protection for critical workloads and data, enabling organizations to stay "breach ready."

With a clientele spanning some of the world's largest organizations, including prominent cancer research centers, cities, and national defense departments, ColorTokens serves industries handling sensitive information and subject to stringent regulatory requirements.

ColorTokens' cloud-delivered platform streamlines onboarding efforts and reduces maintenance costs for organizations. Providing pervasive protection, their platform covers data center servers, legacy systems, cloud workloads, containers, and operational technology (OT) and Internet of Things (IoT) devices.

The company's recognition as a Strong Performer in the Forrester New Wave™ : Microsegmentation report solidifies ColorTokens' reputation as a trusted provider of microsegmentation solutions for organizations seeking to enhance their security posture.

Job Summary :

Colortokens is seeking a SOC Manager to lead our Security Operations Center (SOC), leveraging Next-Gen SIEM to detect, respond to, and mitigate security threats. The ideal candidate will have deep expertise in modern SIEM platforms, threat intelligence, and incident response while managing customers and a team of security analysts.

Job Title : SOC Manager

Location : Bangalore

Job Type : Full-time

Department : Managed Services

Key Responsibilities :

1. SOC Leadership & Operations

Oversee 24 / 7 security monitoring, detection, and response operations.

Manage, mentor, and train a team of SOC analysts, engineers, and incident responders.

Develop and optimize SOC processes, playbooks, and runbooks for effective incident handling.

Ensure continuous threat monitoring, analysis, and escalation in accordance with SLAs.

2. SIEM & Security Analytics Management

Implement, manage, and optimize Next-Gen SIEM solutions (eg : Stellar Cyber, Cortex, Chronicle etc)

Develop advanced detection rules, correlation logic, and behavioural analytics for real-time threat detection.

Integrate SIEM with EDR, NDR, SOAR, Threat Intelligence, and Cloud Security tools.

Ensure log management, normalization, and enrichment from various sources (firewalls, endpoints, cloud, IAM, etc.).

3. Threat Detection, Incident Response & Forensics

Lead security investigations, threat hunting, and forensics analysis.

Work with SOC analysts to triage and escalate security incidents (MITRE ATT&CK-based).

Oversee the incident response process and conduct post-mortem analysis for continuous improvement.

Collaborate with threat intelligence teams to enrich SIEM detections with contextual threat data.

4. Compliance, Reporting & Automation

Ensure SOC operations align with regulatory standards (ISO 27001, NIST, GDPR, SOC 2, etc.).

Develop automated detection & response workflows using SOAR (Security Orchestration, Automation, and Response).

Generate SIEM dashboards, security reports, and executive summaries for stakeholders.

Conduct tabletop exercises and Red / Blue team drills to enhance security readiness.

5. Customer & Stakeholder Engagement

Act as the primary point of contact for key customers, ensuring high-quality service delivery.

Collaborate with OEMs to address cybersecurity risks.

Present threat intelligence reports, risk assessments, and incident trends to executive stakeholders.

Drive continuous improvement initiatives based on customer feedback and security landscape changes.

Customer SLA management and ensure CSAT of greater than 4.5 / 5

6. Business Support

Work with pre-sales teams to respond to customer RFI / RFPs

Responsible for upsell and cross-sell activities

Enable / train sales teams across regions

7. Required Skills & Experience :

Technical Expertise :

12-15 years of experience in SOC operations, SIEM, and cybersecurity incident response.

Hands-on expertise with Next-Gen SIEM platforms.

Proficiency in SOAR, EDR, XDR, Cloud Security (AWS / Azure / GCP), and threat intelligence tools.

Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and NIST frameworks.

Experience in log analysis, anomaly detection, and SIEM rule creation.

Scripting skills in Python, PowerShell, or Regex for automation.

Leadership & Soft Skills :

Strong leadership experience in managing and mentoring SOC teams.

Excellent incident response and crisis management abilities.

Effective communication with technical and non-technical stakeholders including customers.

Ability to collaborate with IT, DevOps, and security teams to enhance security posture.

Preferred Certifications :

CISSP (Certified Information Systems Security Professional)

GCIA (GIAC Certified Intrusion Analyst)

GCIH (GIAC Certified Incident Handler)

SIEM Vendor Certifications