SOC Lead, L3

Bengaluru

Saviynt

Embrace Zero Trust, secure sensitive & privileged access, and stay in continuous compliance with the world’s #1 cloud identity governance platform.


Role: SOC Lead
Location: Bengaluru
Shift Timing: Rotational Shift (9 hrs * 5 days a week) – Hybrid.

Position Summary: This position oversees incident management, leads a team of security analysts, and advances the security incident response process. You'll collaborate across teams to gather information, enhance technical investigative abilities, and devise solutions that safeguard sensitive data and assets while ensuring compliance. Responsibilities extend to securing cloud and on-premises infrastructure. As part of the Cyber Security Incident Response Team (CSIRT), you'll liaise with IT Operations and other units to assess incidents and coordinate responses. Drawing on your incident response expertise, you'll manage analysts, respond to incidents, enhance response processes, and bolster investigative capabilities. Additionally, you'll craft advanced use cases, playbooks, and procedure documents to ensure advanced detection and risk mitigation capability in the SIEM and other detection tools.

WHAT YOU WILL BE DOING

  • Conduct threat monitoring, detection, event analysis, incident response/reporting, forensics, and threat-hunting activities within the 24/7 Cyber Security Fusion Centre / SOC. Monitor real-time channels, dashboards, periodic reports, email inboxes, helpdesk or ticketing systems, telephone calls, and chat sessions.
  • Respond swiftly to security incidents, drawing on cybersecurity incident response expertise and in-depth configuration knowledge of enterprise security infrastructure, including SIEM, SOAR, EDR, antivirus software, email security gateways, DLP, CNAPP, WAF, VPNs, firewalls, IPS/IDS, AWS and Azure cloud infrastructure, proxies, domain controllers, DNS, DHCP, and multi-factor authentication.
  • Ensure adherence to SLAs for cyber security events and incidents, refine processes to meet operational goals, and develop strategies to strengthen the Security Operations Framework. Review policies and identify challenges in SLA management.
  • Configure and troubleshoot SIEM (Securonix), ensuring continuous operation and effectiveness in safeguarding the organization's digital assets. Analyse security logs, network traffic, and system event data to find patterns, anomalies, and potential security breaches. Conduct incident investigations as needed.
  • Implement, integrate, fine-tune, and operationalize SIEM, SOAR, UEBA, and Packet Capture components—aid in integrating SIEM and SOAR systems into the security incident response program. Create advanced threat detection use cases and relevant SOC SOPs, playbooks, new procedures documents, SOC runbooks, and IR templates.
  • Create daily, weekly, and monthly Security Operations Centre KPI scorecards for the InfoSec Head of Operations and the extended audience. Ensure no alerts, security events, or incidents are overlooked during shift handovers. Maintain monthly SLAs for all security events and incidents detected.
  • Lead the Cyber Hunting team with advanced investigations as needed. Serve as a subject matter expert in at least three security-related areas.
  • Actively pursue self-improvement through continuous learning and progression into the SOC Shift Lead role. Provide shift status and metric reporting. Support weekly Operations calls.

WHAT YOU BRING

  • Qualifications: A bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is preferred.
  • Certification: Certified Information Security Manager (CISM), GIAC Certified Intrusion Analyst (GCIA), GIAC Continuous Monitoring Certification (GMON), Certified Ethical Hacker (CEH), or equivalent.
  • 8 to 12 years of working experience in a Security Operations Centre.

  • Must have Skills:
  • Willing to work in shifts - 24/7 schedule (9-hour rotational shift model with five working days a week).
  • A minimum of 10 years of experience in security incident response or a security operations centre (SOC) is needed.
  • Experience in security technologies such as:
    1. Security information and event management (SIEM).
    2. Cloud security detection and mitigation tools.
    3. Web Application Firewall (WAF).
    4. Intrusion Prevention System (IPS).
    5. Data Loss Prevention (DLP).
    6. Web content filtering.
    7. Endpoint detection and response (EDR).
    8. Antivirus, sandboxing, network- and host-based firewalls.
    9. Threat intelligence.
    10. Penetration testing.
  • Knowledge of Advanced Persistent Threat (APT) tactics, techniques, and procedures.
  • Good understanding of the MITRE ATT&CK framework.
  • Understanding of attack activities such as network probing/scanning, DDoS, and malicious code activity.
  • Should understand alerts generated by SIEM, EDR, Antivirus, Email Security Gateway, DLP, CNAPP, WAF, VPN & various log sources.
  • Robust analytical and problem-solving abilities to evaluate and resolve security alerts and events and escalate confirmed incidents for proper mitigation measures.
  • Thoroughly document and track all incidents using a structured five-step process (facts, impacts, root cause, corrective actions, lessons learned), including all relevant information.
  • Ability to coordinate incident response activities across various teams and departments within the organization.
  • Actively seek indications of advanced threats across cloud infrastructure, network, and endpoints, using both threat intelligence and advanced analytics.
  • A comprehensive grasp of malware behavior, reverse engineering methodologies, and sandboxing utilities for examining malicious software. Proficiency with digital forensics tools and methods to investigate security incidents and breaches.
  • Proficiency in scripting languages such as Python, PowerShell, or Bash to automate routine tasks and streamline security operations.
  • Strong verbal and written communication skills to document incidents, communicate with stakeholders, and collaborate with other teams.
  • Good knowledge of relevant regulatory requirements (such as GDPR, FedRAMP, PCI DSS) and experience ensuring SOC compliance with these standards.
  • Strong communication and interpersonal skills to consult with senior management, stakeholders, and external parties.


Tags: Analytics Antivirus APT AWS Azure Bash CEH CISM Cloud CNAPP Compliance Computer Science CSIRT DDoS DNS EDR FedRAMP Firewalls Forensics GDPR GIAC IDS Incident response Intrusion prevention IPS Malware Monitoring PCI DSS Pentesting PowerShell Python Reverse engineering Scripting SIEM SLAs SOAR SOC Threat detection Threat intelligence VPN

Perks/benefits: Team events

Region: Asia/Pacific
Country: India
Category: Leadership Jobs
