SOC Lead

Role Overview: You will be responsible for monitoring, analyzing, and detecting security events and incidents in the 24x7 SOC environment. Your role will involve managing, tuning, and optimizing the SIEM tool, providing recommendations to the client's security team on optimizing security controls, and working closely with the SOC manager to create operational guidelines and procedures. Additionally, you will act as the first point of escalation for the SOC team, handle escalated security incidents, and identify opportunities for continuous improvement in security operations. Key Responsibilities: - Manage, tune, and optimize SIEM tool (LogRhythm) based on business requirements - Provide recommendations to enhance security controls such as IDS/IPS, endpoint security, vulnerability management, and data loss prevention - Collaborate with the SOC manager to develop new operational guidelines, processes, and procedures - Lead and manage shifts/team in the 24x7 SOC environment - Handle escalated security incidents, conduct deep dive analysis, threat hunting, and malware analysis - Guide and mentor L1 and L2 analysts in investigating and mitigating security threats - Ensure service level agreements are met and processes are followed - Develop and mentor staff through delegation, training, and project assignments Qualifications Required: - More than 5 years of experience in the information security field - Proficiency in security operations, intrusion detection, and incident handling - Experience with security monitoring using SIEM technologies such as LogRhythm and Splunk - Strong team player with the ability to work in a challenging and dynamic environment - Knowledge of current and emerging SOC technologies and processes - Excellent communication, writing, and interpersonal skills - Strong leadership skills with the ability to prioritize and execute tasks efficiently - Proficiency in case management and ticketing systems - Familiarity with various SOC tools including LogRhythm, Sourcefire IPS/IDS, Cisco AMP, Digital Guardian, Cisco Ironport, Cloudflare, and System Center Endpoint Protection - Good understanding of network security principles, TCP/IP, Linux, Windows, etc.,