Ahmedabad, Gujarat, India
16 days ago
AGM Security Operations & Incident Response
- Oversee real-time incident handling, escalation management, and response coordination for cyber threats, breaches, and anomalies
- Act as the primary escalation point during high-severity incidents, ensuring containment and rapid resolution
- Design and maintain incident response runbooks, playbooks, SLA matrices, and crisis communication protocols
- Lead and manage triage activities
- Ensure tight integration between SOC operations, threat intelligence, DFIR, and red/blue teams
- Drive detection engineering efforts to improve alert quality, correlation logic, and MITRE ATT&CK mapping
- Implement continuous improvement programs in MTTR, false positive reduction, and analyst productivity
- Lead post-incident RCA reviews, reporting, and feedback loops to enhance readiness
- Manage relationships with OEMs, MSSPs, and security product vendors for technology alignment
- Mentor SOC managers, team leads, and analysts to build a resilient and responsive operations team
- Ensure compliance with security and privacy standards (e.g., NIST, IEC 62443, ISO 27001, DPDP Act)
- Deep expertise in SIEM (e.g., Splunk, QRadar, LogRhythm, SentinelOne), SOAR platforms, EDR/XDR tools, and threat intelligence platforms
- Strong knowledge of network security, log analysis, endpoint telemetry, and OT-specific telemetry correlation
- Familiarity with MITRE ATT&CK, the cyber kill chain, and threat hunting techniques
- Knowledge of OT security architectures including SCADA, PLCs, DCS, and OT network segmentation
- Scripting and automation exposure (Python, PowerShell, Bash) preferred
- Familiarity with OT SOC environments, ICS protocol detection (Modbus, DNP3), and industrial anomaly detection tools (e.g., Nozomi, Claroty)

Leadership & Personality Traits: 

- Strategic thinker with an operations-first mindset and execution rigor
- Calm, decisive, and clear-headed in crisis and high-pressure scenarios
- Strong stakeholder engagement and communication skills across technical and executive levels
- Proven ability to lead multi-location teams with cultural sensitivity and high performance
- Continuous learner with a growth mindset and a passion for cybersecurity excellence
Preferred Industry Background: 

- Large industrial conglomerates (Power, Ports, Renewables, Mining, Airports)
- OT and IT OEMs
- MSSPs, SOC service providers
- Consulting firms with cyber defence practices (e.g., Big 4)
- Bachelor’s or Master’s in Cybersecurity, Computer Science, or Engineering
- Preferred certifications: CISSP, CISM, GCIA, GCIH, or SOC-related credentials
- 12+ years of cybersecurity experience, with at least 6 years in SOC/IR leadership roles
- Experience managing global SOC operations or OT-specific cyber operations is a strong plus