Yum! Digital & Tech India

Security Operations Incident Response Manager

Gurugram, HR, IN


Summary

Purpose of the Role

We are seeking a seasoned and strategic Security Operations Incident Response Manager to lead our offshore SOC operations based in India. This role will manage 24x7x365 global security monitoring and response coverage for non-U.S. hours, operating in close partnership with the U.S.-based SOC Manager. As the senior-most cybersecurity leader on-site, this role will also act as the India cybersecurity center lead—ensuring alignment with global security strategies, driving maturity efforts, and fostering strong local collaboration across IT and business units.

Key Responsibilities

Incident Response & SOC Leadership

  • Lead and manage a team of SOC analysts and leads to ensure full-time (24x7x365) coverage for global security monitoring and incident response.
  • Act as primary escalation point during off-hours (non-U.S. business hours) for high-severity security incidents.
  • Ensure all incidents are triaged, contained, and resolved in accordance with SLAs, security best practices, and playbooks.
  • Maintain direct involvement in major incidents, coordinating technical bridge calls and global incident handoffs with the U.S. SOC.
  • Oversee post-incident reviews and ensure the integration of lessons learned into enhanced processes.

Off-shore Operations Management

  • Oversee day-to-day SOC operations from the India Cybersecurity Delivery Center, driving consistent execution and operational rigor.
  • Develop and manage analyst shift schedules and coverage models that ensure resilience while preventing burnout.
  • Ensure SOC tooling and detection workflows (e.g., QRadar, Cortex XSOAR/XDR) are optimized and aligned with global standards.

Cross-Regional Collaboration

  • Work in tight coordination with the U.S. SOC Manager to enable a unified “follow-the-sun” incident response model.
  • Participate in global SOC planning, playbook development, threat analysis, and knowledge sharing efforts.
  • Act as a trusted regional liaison across time zones, providing continuity and maintaining situational awareness of evolving incidents.

India Center Cybersecurity Leadership

  • Serve as the acting cybersecurity leader within the India center, representing the global security function locally.
  • Partner with India-based IT, engineering, and compliance teams to promote cybersecurity culture, awareness, and alignment with global policy.
  • Support talent development through hiring, onboarding, coaching, and mentoring the local security team.

Metrics, Process, and Continuous Improvement

  • Develop, refine, and own key performance indicators (KPIs) and operational metrics that measure SOC performance, analyst effectiveness, and incident handling quality.
  • Track and analyze metrics such as MTTR, incident volume, false positive rates, and automation usage to identify improvement opportunities.
  • Create and deliver monthly PowerPoint decks to support stakeholder and partner awareness of key incidents, emerging threats, operational performance, and ongoing maturity initiatives.
  • Drive the use of SOAR platforms and automation to streamline operations and reduce manual effort.
  • Lead retrospectives and lessons-learned sessions to continuously evolve SOC processes, capabilities, and readiness.

Minimum Requirements

  • BE/BTech in Computer Science, Cybersecurity, Information Systems, or a related field; Master's degree preferred.
  • 12-15 years of IT experience, with at least 8 years within a SOC or cybersecurity incident response environment and at least 4 years in a leadership role.
  • Strong background in managing global security operations with 24x7 coverage models.
  • Deep understanding of detection and response workflows, threat actor TTPs, and tools such as SIEM (QRadar), EDR (Cortex XDR), and SOAR (Cortex XSOAR).
  • Demonstrated ability to lead under pressure during complex or high-severity incidents.

Preferred Requirements

  • Experience acting as a regional cybersecurity leader or site lead in a large enterprise setting.
  • Familiarity with NIST 800-61, ISO 27035, MITRE ATT&CK, and incident response lifecycle best practices.
  • Security certifications such as GCIH, GCFA, CISSP, CISM, or equivalent.
