Cyber Security (SOC) - Team Lead

Job Title :

Team Lead - Security Operations Center (SoC)

Location : Noida / Singapore Office

WORK FROM NOIDA OFFICE, PLEASE DON'T APPLY IF YOU ARE LOOKING FOR HYBRID OR WORK FROM HOME

Short notice period or immediate joiners are preferred.

Job Overview :

As the SOC Team Lead, you will oversee the daily operations and strategic direction of a multi-tiered Security Operations Center comprising Level 1, Level 2, and Level 3 SOC Analysts. You will ensure delivery of high-quality monitoring, detection, response, and threat intelligence services across internal and MSSP customer environments. In this leadership role, you’ll be responsible for analyst performance, escalation handling, service delivery compliance, and technical excellence. You will also lead the coordination of quarterly incident response exercises, customer reporting, and continuous process improvement initiatives.

This position plays a pivotal role in bridging tactical SOC operations and strategic business outcomes, reporting to the SOC Manager or Head of Cybersecurity Services.

Key Responsibilities :

1. Team Leadership & Tiered Analyst Management

Lead and supervise the SOC team across L1 (Monitoring / Triage), L2 (Investigation / Response), and L3 (Threat Hunting / Engineering) functions.

Set clear roles, escalation workflows, and KPIs across tiers; ensure consistent coverage, shift rotations, and SLA adherence.

Conduct regular performance reviews and targeted skill gap analysis.

Promote collaboration, accountability, and continuous learning across junior and senior analysts.

Foster readiness to handle high-severity security events through coaching and simulated training.

2. SOC Operations Oversight

Act as the final escalation point for critical, complex, or ambiguous incidents that exceed Level 3 thresholds.

Ensure effective triage, investigation, containment, and recovery workflows across all incident types.

Support 24 / 7 monitoring operations, ensuring shift efficiency, proper documentation, and accurate escalation.

Oversee the tuning and effectiveness of detection content, ensuring false positive reduction and high-fidelity alerting.

3. Customer Reporting & MSSP Service Quality

Ensure timely delivery of Weekly Threat Intelligence Digests, Biweekly Alert Tuning Reports, and Monthly / Quarterly MSSP Reports.

Review and validate customer-facing deliverables for accuracy, quality, and insight.

Lead or support monthly service review meetings and quarterly executive briefings with MSSP clients.

Track and report SOC performance against SLA / KPI metrics such as MTTD, MTTR, FPR, and escalation compliance.

4. Incident Response Tabletop & Planning

Lead planning, execution, and reporting of Quarterly Incident Response Tabletop Exercises across MSSP environments.

Collaborate with stakeholders from technical, compliance, and business functions to simulate realistic attack scenarios.

Ensure deliverables include scenario documentation, participant actions, gaps identified, and remediation plans.

5. Process Development & Optimization

Own the development, maintenance, and continuous improvement of SOC playbooks, SOPs, and runbooks across tiers.

Align SOC processes with customer onboarding requirements (log source validation, escalation matrix, SLA definitions, tooling integration).

Drive change control and governance for detection rule updates, log onboarding, and tooling enhancements.

6. Threat Intelligence & Strategic Defense

Collaborate with L3 analysts to ensure threat intelligence is operationalized into detection content and hunt scenarios.

Stay informed on industry trends, APT groups, and emerging TTPs, ensuring the SOC adapts proactively.

Required Skills & Qualifications :

1.

Education :

Bachelor’s degree in Information Security, Computer Science, or a related technical field.

Postgraduate education or executive leadership courses are advantageous.

2.

Certifications : Required :

Microsoft Certified : Security Operations Analyst Associate.

Preferred :

CompTIA CySA+, CISSP, or equivalent certifications.

GIAC (e.g., GCIA, GCIH, GMON)

CISSP or CISM

ITIL Foundation or service management certifications

English Language Proficiency :

IELTS (6.5+), TOEIC (800+), TOEFL (90+), or BEC Vantage

3.

Technical Skills :

Advanced knowledge of Microsoft Sentinel , KQL, and SOAR workflows.

Deep understanding of incident response, MITRE ATT&CK, threat intelligence, and SOC toolchains (EDR, UEBA, TIPs).

Familiarity with multi-tenant MSSP platforms, SIEM tuning, and SOC metrics reporting.

Knowledge of log source onboarding, change control processes, and secure communication protocols.

4.

Leadership & Soft Skills :

Strong leadership, coaching, and delegation skills across junior and senior technical roles.

Proven ability to translate technical findings into business-relevant impact.

Excellent communication and documentation skills for both technical teams and C-level stakeholders.

Organized, resilient, and calm under pressure, especially during major incident escalations and executive briefings.

Experience :

8-10+ years in cybersecurity or SOC operations, including 3-5+ years in a leadership role.

Prior experience managing multi-tier SOC teams or leading detection and response operations in an MSSP is highly preferred.