SOC Lead / SOC Manager (Experienced)

• *Role Overview**

We are seeking a highly experienced and hands\-on SOC Lead / SOC Manager to lead our Security Operations Center (SOC) function, drive incident response maturity, and spearhead security automation initiatives. The ideal candidate will possess deep expertise in SOC operations, SIEM management, threat detection, incident response, threat hunting, and security orchestration through automated playbooks.

This is a critical leadership role responsible for enhancing the organization's cyber defense capabilities, reducing Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), and implementing automation\-driven SOC efficiencies.

• *Key Responsibilities**

• SOC Leadership \& Operations
• Lead and manage 24x7 SOC operations, including L1, L2, and L3 security analysts.
• Define SOC strategy, operational processes, KPIs, SLAs, and governance frameworks.
• Establish and continuously improve detection, monitoring, and incident response capabilities.
• Drive operational excellence through regular process reviews and maturity assessments.
• Conduct incident review meetings and executive reporting.
• Security Monitoring \& Incident Response
• Oversee real\-time monitoring of security events and alerts.
• Lead investigation and containment of critical cybersecurity incidents.
• Coordinate response activities across IT, Infrastructure, Cloud, Network, and Application teams.
• Manage major incident escalations and provide leadership during cyber crisis situations.
• Ensure adherence to incident response procedures and regulatory requirements.
• Threat Detection \& Threat Hunting
• Develop advanced use cases for threat detection.
• Lead proactive threat hunting activities.
• Monitor emerging threats, vulnerabilities, and attacker TTPs.
• Enhance detection engineering capabilities aligned to the MITRE ATT\&CK framework.
• Improve detection coverage across cloud, endpoints, identity, and network environments.
• SOC Automation \& Playbook Development (Critical Requirement)
• Lead implementation of Security Orchestration, Automation and Response (SOAR) platforms.
• Design, develop, and optimize automated security playbooks.
• Automate repetitive SOC workflows to improve analyst productivity.
• Drive integration between SIEM, EDR, Threat Intelligence, ITSM, IAM, Email Security, Cloud Security, and ticketing platforms.
• Reduce manual intervention through automation and orchestration initiatives.
• Define measurable automation goals and operational efficiency metrics

• *Security Platforms \& Technologies**

• *Hands\-on expertise in:**

• SIEM Platforms (Microsoft Sentinel, Splunk, QRadar, LogRhythm, ArcSight, etc.)
• SOAR Platforms (Cortex XSOAR, Microsoft Sentinel Automation, Splunk SOAR, Swimlane, Tines, etc.)
• EDR/XDR Solutions
• Threat Intelligence Platforms
• Vulnerability Management Tools
• Cloud Security Monitoring
• Identity Security Monitoring
• Email Security Solutions
• Team Leadership \& Stakeholder Management
• Mentor and develop SOC analysts and incident responders.
• Establish analyst training and skill enhancement programs.
• Collaborate with internal stakeholders and customers.
• Present security posture updates to leadership and executive teams.
• Support audits, compliance requirements, and customer security assessments.

• *Required Qualifications**

• *Experience :**

• 8–15 years of cybersecurity experience.
• Minimum 4–5 years leading SOC operations or managing SOC teams.
• Proven experience managing enterprise\-scale SOC environments.
• Demonstrated success implementing security automation and SOAR solutions.
• Experience handling critical security incidents and cyber crisis management.

• *Technical Skills**

• *Strong understanding of:**

• Incident Response
• Threat Hunting
• Threat Intelligence
• Detection Engineering
• Security Monitoring
• SIEM Administration
• SOAR Automation
• EDR/XDR Technologies
• Cloud Security (Azure, AWS, GCP)
• Network Security
• Identity \& Access Security

• *Preferred Certifications**

• CISSP **( Preferred but not mandatory)**
• CISM
• GIAC Certifications (GCIA, GCIH, GMON, GCFA)
• Microsoft Security Certifications
• Splunk Certified Consultant/Admin
• Microsoft Sentinel Certifications
• Security Automation / SOAR Certifications

• *Preferred Candidate Profile**

• Strong leadership and decision\-making capabilities.
• Ability to manage high\-pressure security incidents.
• Strong analytical and problem\-solving skills.
• Excellent communication and stakeholder management abilities.
• Proven track record of driving SOC transformation initiatives.
• Experience building automation\-first SOC environments.
• Ability to balance operational management with hands\-on technical involvement.

• *Success Metrics**

• Reduction in MTTD and MTTR.
• Increased SOC automation coverage.
• Reduction in analyst manual effort through automated playbooks.
• Improvement in threat detection effectiveness.
• Enhanced SOC maturity and operational efficiency.
• Successful management of critical security incidents and escalations.

• *Location Requirement**

Candidate must be based in Chennai or willing to relocate immediately. Local candidates will be preferred due to the criticality of the role and stakeholder engagement requirements.

• *Priority Level**

• *Critical Hire \| Immediate Joining Preferred \| SOC Automation \& Playbook Expertise Mandatory**

Pay: ₹1,800,000\.00 \- ₹2,400,000\.00 per year

Work Location: In person