AGM Security Operations & Incident Response

Ahmedabad, Gujarat, India

Job Description

Responsibilities:

  • Oversee real-time incident handling, escalation management, and response coordination for cyber threats, breaches, and anomalies
  • Act as the primary escalation point during high-severity incidents, ensuring containment and rapid resolution
  • Design and maintain incident response runbooks, playbooks, SLA matrices, and crisis communication protocols
  • Lead and manage triage activities
  • Ensure tight integration between SOC operations, threat intelligence, DFIR, and red/blue teams
  • Drive detection engineering efforts to improve alert quality, correlation logic, and MITRE ATT&CK mapping
  • Implement continuous improvement programs in MTTR, false positive reduction, and analyst productivity
  • Lead post-incident RCA reviews, reporting, and feedback loops to enhance readiness
  • Manage relationships with OEMs, MSSPs, and security product vendors for technology alignment
  • Mentor SOC managers, team leads, and analysts to build a resilient and responsive operations team
  • Ensure compliance with security and privacy standards (e.g., NIST, IEC 62443, ISO 27001, DPDP Act)
  • Deep expertise in SIEM (e.g., Splunk, QRadar, LogRhythm, SentinelOne), SOAR platforms, EDR/XDR tools, threat intelligence platforms
  • Strong knowledge of network security, log analysis, endpoint telemetry, and OT-specific telemetry correlation
  • Familiarity with MITRE ATT&CK, cyber kill chain, and threat hunting techniques
  • Knowledge of OT security architectures including SCADA, PLCs, DCS, and OT network segmentation
  • Scripting and automation exposure (Python, PowerShell, Bash) preferred
  • Familiarity with OT SOC environments, ICS protocol detection (Modbus, DNP3), and industrial anomaly detection tools (e.g., Nozomi, Claroty)

Leadership & Personality Traits:

  • Strategic thinker with an operations-first mindset and execution rigor
  • Calm, decisive, and clear-headed in crisis and high-pressure scenarios
  • Strong stakeholder engagement and communication skills across technical and executive levels
  • Proven ability to lead multi-location teams with cultural sensitivity and high performance
  • Continuous learner with a growth mindset and passion for cybersecurity excellence

Preferred Industry Background:

  • Large industrial conglomerates (Power, Ports, Renewables, Mining, Airports)
  • OT and IT OEMs
  • MSSPs, SOC service providers
  • Consulting firms with cyber defence practices (e.g., Big 4)

Qualifications:

  • Bachelor's or Master's in Cybersecurity, Computer Science, or Engineering
  • Preferred certifications: CISSP, CISM, GCIA, GCIH, or SOC-related credentials
  • 12+ years of cybersecurity experience, with at least 6 years in SOC/IR leadership roles
  • Experience managing global SOC operations or OT-specific cyber operations is a strong plus

Job Detail

  • Job Id
    JD4266011
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Ahmedabad, Gujarat, India
  • Education
    Not mentioned