Job Description

Global Security

Location

Gurugram, India

Job Title:


SOC Lead/Manager - Cyber Monitoring & Response



We are seeking a highly skilled SOC Lead to oversee our Cyber Defence Operation Centre(CDOC), drive threat detection, and orchestrate incident response. This role demands deep technical expertise, strong leadership, and the ability to design and implement advanced security monitoring and response strategies.



The SOC Lead will be responsible for real-time monitoring, threat intelligence analysis, forensic investigations, and security automation, ensuring that the organization remains resilient against evolving cyber threats.

Location:

[Gurgaon]

Job Type:

Full-time | On-site/Hybrid

Reports To:

Associate Director of Cyber Defence Operation Centre

Key Responsibilities:

SOC Operations & Security Monitoring

Lead and manage the

24/7 Security Operations Center (SOC)

, ensuring

continuous threat detection and response

. Working extensively on

SIEM (XSIAM. Arcsight, Splunk, QRadar, ELK, Sentinel, etc.)

and other security monitoring tools. Oversee

24/7 monitoring

of security events and alerts. Ensure effective use of SIEM (Security Information and Event Management) tools. Prioritize, analyze, and manage security incidents. Improve threat intelligence capabilities and integrate with threat intelligence feeds.Continuously

optimize detection rules, correlation logic, and security alerts

to minimize false positives and improve response times.

Incident Response & Management

Develop and enforce

incident response plans (IRPs)

. Ensure timely response to cyber threats, minimizing impact. Coordinate with stakeholders during major incidents. Conduct post-incident analysis and lessons learned exercises.

EDR/XDR (Endpoint Detection & Response / Extended Detection & Response)

-----------------------------------------------------------------------------

CrowdStrike Falcon

- AI-powered threat detection with real-time response.

Palo Alto XDR

- Extended Detection and Response.

Microsoft Defender for Endpoint

- Integrated with Azure security solutions. - Behavioral AI-driven endpoint protection.

Carbon Black (VMware)

- Next-gen EDR with cloud analytics.

Sophos Intercept X

- Machine-learning-based ransomware prevention.

Threat Intelligence Platforms (TIP)

Recorded Future

- AI-driven threat intelligence analysis.

MISP (Malware Information Sharing Platform)

- Open-source threat sharing platform.

Flashpoint Threat Intel

Outseer AFCC ( Previously RSA)

IBM X-Force Exchange

- Intelligence-sharing with global threat data.

Anomali ThreatStream

- Automated threat intelligence processing.

VirusTotal Enterprise

- File and URL malware scanning with shared intelligence.

Compliance & Reporting

---------------------------

Ensure compliance with security frameworks (ISO 27001, NIST, GDPR, etc.). Maintain accurate security logs and reports for audits. Prepare executive-level reports on security incidents and risk posture.

Red Team Collaboration & Penetration Testing Support

---------------------------------------------------------

Coordinate with

Red Teams & Ethical Hackers

to improve blue team defenses and detection coverage. Assist in

purple teaming

exercises to fine-tune SOC detection capabilities against adversarial TTPs. Leverage

adversary emulation tools

(Caldera, Atomic Red Team, MITRE CALDERA) to validate detection logic.

Collaboration & Communication

----------------------------------

Act as a key liaison between IT, legal, compliance, and business units. Coordinate with external security teams, vendors, and law enforcement. Conduct security awareness training for employees.

Leadership & Team Development

----------------------------------

Lead and mentor a team of

SOC analysts (L1-L3), threat hunters, and DFIR specialists

. Foster a culture of

continuous learning

, conduct

CTF challenges

, and ensure team certifications. Define

KPIs & metrics

to measure SOC effectiveness (MTTD, MTTR, False Positive Rates, etc.). Define SOC objectives, goals, and security strategies. Align SOC operations with business and IT security objectives. Lead, mentor, and train SOC analysts and security engineers. Develop and maintain SOC policies, procedures, and playbooks.

Required Technical Skills & Experience:

Experience:

7+ years

in cybersecurity, with at least

3 years in a SOC leadership role

.

SIEM & Log Analytics:

XSIAM, ArcSight, Splunk, Elastic Stack (ELK), QRadar, Microsoft Sentinel

Threat Intelligence:

MITRE ATT&CK, Cyber Kill Chain, MISP, STIX/TAXII.

Incident Response & Forensics:

Volatility, Wireshark, FTK, EnCase, Sleuth Kit, YARA.

Endpoint Security & EDR/XDR:

CrowdStrike Falcon, Microsoft Defender, Palo Alto XDR, SentinelOne, Carbon Black.

Cloud Security:

AWS GuardDuty, Azure Security Center, Google Chronicle, CSPM, CNAPP.

Compliance & Risk:

NIST 800-53, ISO 27001, PCI-DSS, SOC2, GDPR, CIS Benchmarks.

Location:


IND Gurgaon - Bld 14 IT SEZ Unit 1, 5th, 6th and 17th Flr
Language Requirements:


Time Type:


Full time

If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the

Job Applicant Privacy Notice for California Residents