8 - 12 years

12 - 16 Lacs

Posted: 3 days ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

1. SOC Strategy & Leadership

  • Define and drive SOC strategy aligned with company vision and client needs
  • Own the multi-year SOC maturity roadmap (NIST, MITRE ATT&CK, etc.)
  • Lead transformation initiatives (SOAR, UEBA, automation)

2. Service Delivery Management

  • Ensure consistent, high-quality 24x7 service delivery across all clients
  • Own delivery SLAs (alert triage, IR, RCA, daily/weekly reports)
  • Oversee onboarding of new clients and environments

3. Operations Oversight

  • Manage the full SOC lifecycle: detection, triage, IR, RCA, recovery, closure

  • Lead incident war rooms for P1/P2 events
  • Ensure proper shift coverage, continuity and handovers

4. People & Organizational Leadership

  • Lead and manage large, multi-level teams (L1-L3, TLs, SMEs)
  • Design role hierarchies, shift models, backup plans
  • Handle performance reviews, succession planning, L&D programs

5. Detection Engineering Oversight

  • Oversee use case development, refinement, and tuning across SIEMs
  • Prioritize use cases based on TI, incident learnings and threat landscape
  • Ensure rule effectiveness, reduce false positives

6. Threat Intelligence Integration

  • Oversee ingestion and contextualization of TI feeds (commercial + OSINT)
  • Ensure TI relevance across different client industries
  • Enable automated TI-to-detection correlation

7. Tools & Tech Stack Management

  • Oversee SIEM, SOAR, EDR, TIP, log pipeline and ticketing platforms
  • Drive tool consolidation and cost-efficiency
  • Ensure uptime, performance, integration across all technologies

8. Process & SOP Governance

  • Define and enforce SOC SOPs, playbooks and workflows
  • Ensure process documentation, versioning and audit readiness
  • Conduct periodic process gap analysis and remediation

9. Threat Hunting & Purple Teaming

  • Lead proactive threat hunting and red/blue/purple teaming
  • Align hunt outcomes to detection and use case gaps
  • Encourage hypothesis-driven investigation across clients

10. Client Management & Communication

  • Be the face of the SOC to clients during onboarding, BAU and crisis
  • Lead weekly/monthly calls, QBRs and audits
  • Manage escalations, change requests and SLA breaches proactively

11. Incident Response Leadership

  • Personally oversee major incidents (breach, ransomware, targeted attacks)
  • Approve RCAs and external communication
  • Drive IR tabletop exercises with internal and client stakeholders

12. Compliance & Audit Support

  • Ensure SOC compliance with ISO 27001, ISO 22301, PCI DSS, RBI/SEBI/NCIIPC, GDPR, DPDPA norms
  • Lead internal and client audits
  • Maintain documentation, audit trails, log retention and evidencing

13. Metrics, Reporting & Dashboards

  • Own SOC KPIs, analyst productivity, alert volumes, MTTR, MTTD, RCA timelines
  • Maintain dashboards for internal leadership and external clients
  • Enable metrics-driven decisions across all layers

14. Innovation & Automation

  • Drive adoption of automation via SOAR or scripting
  • Sponsor threat detection ML/AI PoCs
  • Push for Cyber Range, EDR auto-remediation and Zero Trust log correlation

15. Financial & Resource Management

  • Own SOC budget: tools, people, infra, licenses, trainings
  • Optimize costs while improving performance
  • Forecast future resourcing and capacity needs

16. Multi-Tenancy Operations

  • Design SOC operations for multi-tenant scalability
  • Ensure logical separation of data and response for different clients
  • Build reusable detection packs and onboarding accelerators

17. Collaboration with Sales & Pre-sales

  • Support SoW, RFPs, pricing models
  • Participate in client due diligence calls
  • Help define service catalogues and tiers based on delivery capability

18. Vendor & Partner Management

  • Manage relationships with SIEM, SOAR, EDR, TIP, threat feed vendors
  • Drive issue resolution and roadmap alignment
  • Evaluate new vendors for cost and effectiveness

19. Knowledge Management & Training

  • Ensure training plans for all analyst levels
  • Maintain KBs, runbooks and internal wikis
  • Sponsor internal workshops, competitions, certifications

20. Business Continuity for SOC

  • Own SOC BCP/DR plan
  • Ensure data centre failover readiness, backup tools and alternate staffing
  • Conduct periodic DR drills and service failover testing

Tool Category: Common Tools

SIEM Platforms: Splunk, IBM QRadar, Microsoft Sentinel, LogRhythm, ArcSight, Exabeam

SOAR Tools: Palo Alto Cortex XSOAR, IBM Resilient, Splunk SOAR (Phantom), Siemplify

EDR/XDR Tools: CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Trellix, Sophos Intercept X

Threat Intel Platforms: MISP, Anomali, Recorded Future, ThreatConnect, OpenCTI

Case/Ticketing Systems: ServiceNow, Jira, TheHive, Remedy, Zendesk

Dashboards & BI: Power BI, Tableau, Kibana, Grafana

Asset/Inventory Tools: Qualys, Tenable, Rapid7, Lansweeper, CMDB systems

Communication Tools: Slack, Teams, Zoom, Email (secure channels for incident comms)

Compliance/Audit Tools: CyberMetric, Vanta, Drata, Tugboat Logic or in-house audit evidencing systems

Callisto Search

Recruiting/Staffing

Seattle
