SOC Lead / Senior Consultant Specialist
Job Title: SOC Lead / Senior Consultant Specialist
Location: Kochi
Role Overview
The SOC Lead serves as a senior member of the Monitoring and Threat Detection function.
This role focuses on high-quality incident triage, technical escalation management,
continuous improvement of detection capabilities, and leading incident analysis across
enterprise-wide environments. The SOC Lead mentors L1/L2 analysts, ensures SLA
compliance, and drives process innovation within the SOC.
Key Responsibilities
• Lead deeper security investigations (L2/L3) and advanced triage of escalated alerts
across SIEM, EDR, and email security platforms.
• Collaborate with Threat Detection, Incident Response, and Threat Hunting teams to
validate and escalate potential threats.
• Oversee quality assurance of security tickets and ensure accurate root cause and kill
chain identification.
• Manage the design and optimization of detection rules, threat correlation logic, and
playbooks within SIEM/SOAR tools.
• Provide subject matter expertise in high-severity incident response and containment,
ensuring coordinated communication with clients and internal stakeholders.
• Conduct and support Purple Team simulations and threat validation exercises to
assess detection efficacy.
• Mentor and guide SOC analysts, fostering technical growth and enforcing operational
discipline.
• Coordinate with enterprise teams on email and cloud security incidents, leading
Proofpoint and Microsoft 365 Defender investigations.
• Define and maintain documentation including incident response procedures, triage
guides, and detection playbooks.
• Contribute to automation initiatives to reduce repetitive manual work and improve
response efficiency.
Additional Responsibilities
• Lead SIEM architecture and design, ensuring scalable log ingestion, parsing,
normalization, and enrichment across cloud and on-prem environments.
• Oversee SIEM administration, including connector management, health monitoring,
log source onboarding, and retention optimization.
• Define and enforce triage standards for SIEM alerts, ensuring consistent severity
classification, enrichment, and correlation logic.
• Evaluate and enhance SIEM use case lifecycle management—from requirements
gathering to rule tuning, false-positive reduction, and KPI reporting.
• Drive continuous improvement of SIEM detection coverage, aligning with threat
models, MITRE ATT&CK techniques, and emerging adversary behaviors.
Core Skills and Experience
• Over 10 years of cybersecurity operations experience, with at least 4-5 years in SOC
L2/L3 or senior incident response roles.
• Hands-on expertise with multiple SIEM platforms (e.g., AWS, Azure, Wazuh, Splunk,
Log360, Elastic).
• Proficient with leading EDR tools such as CrowdStrike, Microsoft Defender,
SentinelOne, Fortinet.
• Strong working knowledge of email security controls (TAP, DLP, Threat Response,
SPF/DKIM/DMARC) and tools such as FortiMail, Microsoft Purview, and Proofpoint.
• Expertise in attack vectors, MITRE ATT&CK mapping, threat analysis, and incident
containment strategies.
• Solid understanding of enterprise infrastructure — networks, firewalls, endpoint
platforms, OS (Windows/Linux), and web applications.
• Excellent knowledge of cloud security operations across Azure, AWS, and Google
Cloud.
• Awareness of major security frameworks: ISO 27001, NIST, CIS, OWASP, and PCI
DSS.
• Functional knowledge of SOAR automation and orchestration workflows.
Leadership and Delivery
• Lead service operations ensuring incident SLAs are consistently met.
• Conduct regular performance reviews and provide knowledge-sharing sessions to
elevate SOC maturity.
• Liaise with customers to discuss incident outcomes, mitigations, and improvement
recommendations.
• Manage process documentation and enforce consistent global SOC methodologies.
Desired Certifications
• CEH, GCIA, GCIH, CISSP, or equivalent cybersecurity certifications.
• Vendor-specific credentials (Microsoft, Proofpoint, or SIEM/EDR certifications)
preferred.
Additional Attributes
• Strong analytical, investigative, and documentation skills.
• Excellent communication and presentation abilities.
• Self-driven with ability to manage multiple escalations under pressure.
• Flexible to work in a 24x7 rotational environment if required.