Lead – Security Architecture & SOC Engineering

Location: Gurugram

Job Type: Full-Time

Role Overview:

The role will combine security architecture review, threat modeling, detection engineering, and automation to ensure end-to-end visibility and resilience. The ideal candidate will bring expertise in SIEM, SOAR, EDR, NDR, UEBA, threat intel platforms, and open-source technologies, with a proven ability to review existing architectures, onboard new technologies, and drive enterprise-wide integrations. The candidate will also lead the MSS Build team and own BCP/DR and FCAPS lifecycle management of Airtel’s security technologies & tools.

This role works independently, owning the SOC Build end-to-end, while leading MSS teams for delivery and collaborating with other Leads as part of a unified security leadership team.

Key Responsibilities:

Strategic Impact

·        Own the security detection architecture across Airtel network, ensuring resilience against evolving telecom and enterprise threats.

·        Conduct security architecture reviews of existing technologies and assess suitability of new platforms/tools before onboarding.

·        Lead threat modeling and detection framework adoption using MoTIF, MITRE ATT&CK, NIST CSF, and telecom-specific standards (3GPP, GSMA FS.11, ISO 27011).

·        Define Airtel’ SOC (network) engineering roadmap covering SIEM, SOAR, EDR, NDR, UEBA, and automation.

Operational Excellence

·        Lead use case lifecycle management: design, development, fine-tuning, and enrichment across Splunk SIEM, SOAR, ELK, and open-source tools.

·        Lead the MSS Build Team, ensuring high-quality delivery of SOC use cases, integrations, and automation.

·        Manage the full lifecycle (FCAPS) of all security tools and Ensure BCP/DR for security platforms, maintaining continuity.

·        Review and suggest policies for EDR and NDR platforms for proactive detection.

·        Build and optimize SOAR playbooks and automation pipelines to reduce manual response efforts.

·        Drive log source strategy and integrations across telecom and enterprise domains (Core NEs, RAN, OSS/BSS, Broadband, DTH, Transport).

·        Enable threat intelligence integration (global & local feeds, TIP platforms) into detection workflows.

·        Perform gap analysis on detection coverage against MoTIF, MITRE ATT&CK, and adversary simulations.

·        Ensure continuous false positive reduction through correlation rule optimization and AI/ML enrichment.

Leadership & Collaboration

·        Partner with domain owners, architecture/design teams, OEMs and MS partners to embed detection requirements into new and existing projects/nodes/services/technologies.

·        Lead SOC engineering teams to deliver detection content, automation, and log onboarding at scale and SLA-driven delivery.

·        Work closely with SOC Ops, VAPT, and GRC teams to ensure detection readiness, audit compliance, and threat-informed defense.

·        Provide executive-level governance reports on detection coverage, technology health, automation adoption, and architecture reviews.

·        Act as the primary reviewer for all new technology integrations.

Required Skills and Experience:

·        10-12 years in SOC engineering, detection, or security architecture leadership, with telecom exposure.

IEM: Splunk, ELK, SOAR Phantom, UEBA, EDR CrowdStrike & SentinelOne, NDR, Threat Intel Platforms: MISP,Open-source stacks Wazuh etc.

ython, Bash, PowerShell

·        Experience with BCP/DR planning and execution for critical security platforms.

·        Proven expertise in tool lifecycle/FCAPS management and performance optimization.

·        Deep understanding of telecom protocols and threat vectors.

Preferred Qualifications:

·        Certifications: Splunk Architect, TOGAF, CISSP, CISM, GCDA, OSCP/OSWE (advantage).

·        Familiarity with MoTIF, MITRE ATT&CK, NIST CSF, GSMA FS.11, ISO 27011.

·        Experience in telecom SOC engineering or MSS build team leadership.

·        Exposure to cloud-native 5G security architecture and API security.

Why Join Us?

·        Play a critical leadership role in defining Airtel’s security architecture and SOC engineering strategy.

·        Lead MSS Build teams and own end-to-end lifecycle of security tools.

·        Drive BCP/DR readiness and FCAPS management of Airtel’s security stack.

·        Collaborate with global OEMs, MSSPs, regulators, and threat intel partners.

·        Shape Airtel’s next-gen SOC architecture with automation, intelligence, and resilience.