Job Title:

SOC Lead/Manager – Cyber Monitoring & Response

Job Description

We are seeking a highly skilled SOC Lead to oversee our Cyber Defence Operation Centre(CDOC), drive threat detection, and orchestrate incident response. This role demands deep technical expertise, strong leadership, and the ability to design and implement advanced security monitoring and response strategies.

The SOC Lead will be responsible for real-time monitoring, threat intelligence analysis, forensic investigations, and security automation, ensuring that the organization remains resilient against evolving cyber threats.

Location: [Gurgaon]
Job Type: Full-time | On-site/Hybrid
Reports To: Associate Director of Cyber Defence Operation Centre

Key Responsibilities:

SOC Operations & Security Monitoring

Lead and manage the 24/7 Security Operations Center (SOC), ensuring continuous threat detection and response.Working extensively on SIEM (XSIAM. Arcsight, Splunk, QRadar, ELK, Sentinel, etc.) and other security monitoring tools.Oversee 24/7 monitoring of security events and alerts.Ensure effective use of SIEM (Security Information and Event Management) tools.Prioritize, analyze, and manage security incidents.Improve threat intelligence capabilities and integrate with threat intelligence feeds.Continuously optimize detection rules, correlation logic, and security alerts to minimize false positives and improve response times.

Incident Response & Management

Develop and enforce incident response plans (IRPs).Ensure timely response to cyber threats, minimizing impact.Coordinate with stakeholders during major incidents.Conduct post-incident analysis and lessons learned exercises.

EDR/XDR (Endpoint Detection & Response / Extended Detection & Response)CrowdStrike Falcon – AI-powered threat detection with real-time response.Palo Alto XDR – Extended Detection and Response.Microsoft Defender for Endpoint – Integrated with Azure security solutions.– Behavioral AI-driven endpoint protection.Carbon Black (VMware) – Next-gen EDR with cloud analytics.Sophos Intercept X – Machine-learning-based ransomware prevention.

Threat Intelligence Platforms (TIP)

Recorded Future – AI-driven threat intelligence analysis.MISP (Malware Information Sharing Platform) – Open-source threat sharing platform.Flashpoint Threat IntelOutseer AFCC ( Previously RSA) IBM X-Force Exchange – Intelligence-sharing with global threat data.Anomali ThreatStream – Automated threat intelligence processing.VirusTotal Enterprise – File and URL malware scanning with shared intelligence.

Compliance & ReportingEnsure compliance with security frameworks (ISO 27001, NIST, GDPR, etc.).Maintain accurate security logs and reports for audits.Prepare executive-level reports on security incidents and risk posture.Red Team Collaboration & Penetration Testing SupportCoordinate with Red Teams & Ethical Hackers to improve blue team defenses and detection coverage.Assist in purple teaming exercises to fine-tune SOC detection capabilities against adversarial TTPs.Leverage adversary emulation tools (Caldera, Atomic Red Team, MITRE CALDERA) to validate detection logic.Collaboration & CommunicationAct as a key liaison between IT, legal, compliance, and business units.Coordinate with external security teams, vendors, and law enforcement.Conduct security awareness training for employees.Leadership & Team DevelopmentLead and mentor a team of SOC analysts (L1-L3), threat hunters, and DFIR specialists.Foster a culture of continuous learning, conduct CTF challenges, and ensure team certifications.Define KPIs & metrics to measure SOC effectiveness (MTTD, MTTR, False Positive Rates, etc.).Define SOC objectives, goals, and security strategies.Align SOC operations with business and IT security objectives.Lead, mentor, and train SOC analysts and security engineers.Develop and maintain SOC policies, procedures, and playbooks.

Required Technical Skills & Experience:

Experience: 7+ years in cybersecurity, with at least 3 years in a SOC leadership role.SIEM & Log Analytics: XSIAM, ArcSight, Splunk, Elastic Stack (ELK), QRadar, Microsoft SentinelThreat Intelligence: MITRE ATT&CK, Cyber Kill Chain, MISP, STIX/TAXII.Incident Response & Forensics: Volatility, Wireshark, FTK, EnCase, Sleuth Kit, YARA.Endpoint Security & EDR/XDR: CrowdStrike Falcon, Microsoft Defender, Palo Alto XDR, SentinelOne, Carbon Black.Cloud Security: AWS GuardDuty, Azure Security Center, Google Chronicle, CSPM, CNAPP.Compliance & Risk: NIST 800-53, ISO 27001, PCI-DSS, SOC2, GDPR, CIS Benchmarks.

Location:

IND Gurgaon - Bld 14 IT SEZ Unit 1, 5th, 6th and 17th Flr

Language Requirements:

Time Type:

Full time

If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents