Director – Head of Security Operations Center

Position :

Director – Head of Security Operations Center

Location : Chennai

Key Competencies :

Strategic Vision – Ability to align SOC service evolution with MSSP business objectives.

Technical Skills – Deep understanding of modern detection and response tools, automation, and integration frameworks.

Client Orientation – Skilled in stakeholder engagement, reporting, and service quality management.

Operational Excellence – Expertise in building scalable 24x7 operations with consistent quality.

Leadership – Strong people management, mentoring, and cross-team collaboration abilities.

Innovation – Aptitude for evaluating and operationalizing emerging SOC technologies.

Deep understanding of modern detection and response tools, automation, and integration frameworks.

Communication – Ability to present complex technical insights to executives and clients clearly and effectively.

Responsible for driving execution of daily, weekly, and monthly metrics for statistical threats and KPIs.

Coordinate with global stakeholders along with the Senior management during contingency scenarios / high severity incidents to ensure responsive actions are communicated in timely manner.

Profile Description :

15+ years of experience in cybersecurity operations, with at least 5 years in SOC or MSSP leadership.

Proven experience managing multi-tenant SOC environments with diverse customer infrastructures.

Hands-on expertise in :

• Splunk Enterprise Security (use case design, data onboarding, SPL optimization).
• Palo Alto Cortex XSOAR (playbook automation, integration management, case handling).
• Google SecOps (Chronicle + SOAR) (rule development, analytics, log pipelines).

Strong understanding of SIEM / SOAR architectures, EDR, NDR, cloud telemetry, and threat intel integration.

Experience defining and managing SOC SLAs, client KPIs, and service delivery metrics.

Key Responsibilities :

Leadership and Operations Management

Lead and manage SOC functions comprising Detection, Incident Response, and SOC Engineering teams across multiple shifts and geographies.

Define and enforce SOC service delivery models, operating procedures, and SLAs aligned with client contracts.

Oversee day-to-day SOC operations for multiple customers with varying environments (on-prem, cloud, hybrid).

Ensure effective handover, escalation, and quality assurance across all shifts.

Drive KPIs for detection coverage, mean time to detect / respond (MTTD / MTTR), and client satisfaction.

Incident Response and Threat Management

Oversee the end-to-end incident lifecycle : detection, triage, containment, eradication, and recovery.

Establish and maintain client-specific runbooks, escalation matrices, and response playbooks.

Guide major incident response efforts and lead investigations for high-severity or high-impact events.

Ensure timely communication and coordination with client security teams during incidents.

Client Engagement and Risk Reporting

Serve as the primary SOC interface for strategic customer engagements.

Prepare and deliver executive risk reports, incident summaries, and detection coverage dashboards to client management teams.

Translate complex technical risks into actionable business insights for diverse client audiences.

Technology and Engineering Excellence

Provide technical direction for SIEM / SOAR / Threat Intelligence stack optimization and automation.

Lead the design and maintenance of multi-tenant architectures ensuring data segregation, scalability, and compliance.

Direct the automation of repetitive analyst tasks through playbooks and integrations in Cortex XSOAR.

Evaluate and implement emerging technologies in AI-driven detection, UEBA, threat intelligence correlation, and SOAR orchestration.

Maintain governance for log ingestion, parser accuracy, and retention policies across client environments.

Innovation and Technology Evaluation

Continuously assess and pilot next-generation tools in SIEM, SOAR, Threat Intel, and AI / ML-based detection.

Build business cases and lead proofs of concept (POCs) for promising platforms and integrations.

Foster a culture of experimentation, automation, and measurable improvement within the SOC.