Security operation

7 - 12 years

15 - 22 Lacs

Posted: 11 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Title: Lead SOC Operations

Location: Gurugram

Job Type: Full-Time

Role Overview:

The ideal candidate will combine expertise in SOC operations, incident response, digital forensics, and automation with a strong understanding of telecom protocols, IP networking, and enterprise security controls. The role demands proven leadership in SOC operations: leading the incident management lifecycle, driving automation, and ensuring SLA-driven operations in collaboration with business, regulators, and partners.

This role works independently, owning the SOC Operations vertical end-to-end, while leading MSS teams for delivery and collaborating with other Leads as part of a unified security leadership team.

Key Responsibilities:

Strategic Impact

  • Define the SOC operations roadmap, IR plans, and playbooks, focusing on advanced detection, automation, and continuous improvement.
  • Drive adoption of SOAR, UEBA, and AI/ML models to automate repetitive tasks and accelerate response.
  • Embed threat-informed defense models (MITRE ATT&CK, cyber kill chain) into operations.

Operational Excellence

  • Oversee real-time monitoring, triage, and incident response across Airtel’s telecom.
  • Lead and manage the incident management lifecycle and crisis management.
  • Direct deep-dive forensic investigations – malware analysis, memory/disk forensics, packet captures, RCA.
  • Reduce false positives by fine-tuning correlation rules, queries, and enrichment logic.
  • Design SOAR playbooks, scripts, and automated workflows to improve SOC efficiency.
  • Develop and optimize SIEM content – dashboards, correlation rules, alerts, advanced search queries.
  • Drive threat hunting initiatives and integrate results into continuous detection improvements.
  • Conduct cyber drills and red/blue team simulations to validate response readiness.
  • Track and report SOC KPIs – MTTA, MTTR, incident closure SLAs, automation coverage, and RCA timeliness.

Leadership & Collaboration

  • Lead and mentor the MSS SOC team (L1–L3 analysts).
  • Coordinate with LOB leaders, domain owners, OEMs, and MSS partners for cross-domain response.
  • Work closely with SOC Build & Project teams for new use case development and enrichment.
  • Ensure strong user access management monitoring and governance within SOC and business systems.
  • Provide executive-level reporting on incidents, RCA outcomes, automation impact, and corrective measures.
  • Work as the incident commander during major threats, coordinating technical and business response.

Required Skills and Experience:

  • 8–10 years in SOC operations, incident response, and forensic investigations with leadership exposure.
  • Strong understanding of telecom networks and services (Mobility, Broadband, Enterprise, Transport, DTH, etc.).
  • Advanced knowledge of IP networking, routing, and telecom protocols.
  • Hands-on expertise with: SIEM: Splunk, ELK, SOAR, EDR: CrowdStrike, SentinelOne, Logscale, NDR, Forensics tools, UEBA
  • Experience in reducing false positives through use case fine-tuning and correlation logic.
  • Strong knowledge of threat hunting methodologies, MITRE ATT&CK, and cyber kill chain.
  • Proven ability to manage regulatory compliance, crisis response, and RCA reporting.

Preferred Qualifications:

  • Certifications: GCFA, GCFE, GCIA, GCIH, CISSP, CISM, Splunk/ELK/QRadar/CrowdStrike/SentinelOne certifications.
  • Telecom SOC experience with multi-vendor OEM/MS environments.
  • Familiarity with ISO 27011, GSMA FS.11, 3GPP, and Indian telecom regulatory frameworks.
  • Experience in AI/ML-based anomaly detection pipelines.

Why Join Us?

  • Lead SOC operations and technical innovation for one of India’s largest telecom infrastructures.
  • Work hands-on with advanced SOC toolchains (SIEM, SOAR, EDR, NDR, AI/ML analytics).
  • Collaborate with global OEMs, MSSPs, and regulators to shape telecom cyber defense.
  • Drive automation, incident management, and response at national scale.

Airtel

Telecommunications

New Delhi
