FPL Technologies

Security Compliance Manager

Pune, MH, IN

9 days ago

Summary

Security Operations Centre (SOC) - Lead


Location: Pune (Aundh/Baner), India (On-site, In-House SOC)

Department: Security Operations Center

Experience: 4–6 Years

Work Type: Full-time | Hybrid Model | 24x7 Rotational Shifts


Role Overview:

We are looking for an experienced and technically strong SOC Lead / Senior Engineer who will own and manage the core administration, tuning, detection engineering, and incident response infrastructure within the Security Operations Center. This is a hands-on technical role for someone who thrives in a high-paced, cloud-first environment and has expertise in SIEM (QRadar), XDR (CrowdStrike), DLP (Netskope), Deception (Canary), TIP/SOAR, and AWS Security.


Key Responsibilities:

  • Monitor, investigate, and close security incidents using QRadar SIEM, with deep expertise in offense triage and management.
  • Administer and fine-tune configurations across multiple security platforms including QRadar, CrowdStrike XDR, Netskope DLP, Canary, Sysdig/Falco, and G-Suite Security to ensure optimal performance.
  • Architect and deploy new SIEM content such as correlation rules, filters, dashboards, active lists, reports, and trends based on threat intelligence and business needs.
  • Lead use case design and development for new detections based on the evolving threat landscape and attack techniques (MITRE ATT&CK alignment).
  • Own the log onboarding lifecycle, including parsing, normalization, and enrichment for diverse AWS services and third-party SaaS platforms.
  • Manage SLAs for incident detection, escalation, and resolution; ensure robust reporting and analytics for SOC operations.
  • Conduct advanced threat hunting, packet-level analysis, and proactive detection activities using telemetry and behavioral analytics.
  • Integrate and manage SOAR and TIP tools to drive automation and enrichment in incident response workflows.
  • Lead vulnerability assessments and penetration testing activities in collaboration with infrastructure and DevSecOps teams.
  • Develop and test incident response plans (IRPs) and playbooks for high-impact scenarios like ransomware, insider threats, and data exfiltration.
  • Stay abreast of the latest threats, vulnerabilities, and exploits; conduct periodic threat briefings and internal knowledge transfers.
  • Maintain detailed documentation of configurations, security procedures, SOPs, incident reports, and audit logs.
  • Mentor junior SOC analysts and provide technical guidance during critical incidents and escalations.
  • Create reports, dashboards, and metrics for SOC operations and present them to senior management.
  • Design and deploy use cases for SIEM and other security devices.
  • Continuously monitor security alerts and events to identify potential security incidents or threats.
  • Follow standard operating procedures (SOPs), incident response runbooks, and recommend improvements where necessary.
  • Understanding of network protocols (TCP/IP stack, SSL/TLS, IPsec, SMTP/IMAP, FTP, HTTP, etc.).
  • Hands-on experience in security monitoring, Incident Response (IR), security tools configuration, and security remediation.
  • Understanding of operating system, web server, database, and security device (firewall/NIDS/NIPS) logs and log formats.
  • Ensure all actions are compliant with internal policies, security standards, and regulatory requirements.

Required Skills & Experience:

  • Minimum 4 years of experience in SOC operations, including administrative expertise in SIEM platforms (preferably QRadar).
  • Strong hands-on knowledge of SIEM tuning, content development, threat detection, and incident handling.
  • Expertise in 3 or more of the following: SIEM (QRadar), XDR (CrowdStrike), SOAR/TIP platforms, DLP (Netskope), Cloud Security (AWS), Deception Technology (Canary).
  • Experience with network traffic analysis, packet capture tools, and deep dive investigations.
  • Strong analytical, problem-solving, and decision-making skills.
  • Familiarity with security frameworks such as MITRE ATT&CK, NIST, and CIS Controls.

Preferred Qualifications:

  • Professional certifications such as GCIA, GCED, GCIH, CEH, CCSP, AWS Security Specialty, or QRadar Certified Specialist.
  • Prior experience in managing an in-house 24x7 SOC or leading shift teams.

What We Offer:

  • Work on a modern cloud-native security stack in a dynamic FinTech environment.
  • Opportunity to lead security engineering and detection strategy for critical financial platforms.
  • Be part of a tight-knit, expert-level team with a strong learning and innovation culture.
  • Competitive salary, performance-based incentives, and growth opportunities.
