SOC Manager

Role:

Microsoft Sentinel & SOC Services

Location: Bangalore (Work from Office)

Department:

Reporting To:

Job Summary

We are seeking a highly skilled and experienced SOC Manager to lead our Security Operations Center (SOC), with deep expertise in Microsoft Sentinel and Microsoft Security technologies. The ideal candidate will be responsible for managing 24x7 SOC operations, overseeing a multi-tier analyst team, and ensuring effective detection, response, and continuous improvement across all security monitoring services. This role requires strong technical leadership, operational discipline, and a forward-thinking approach to evolve the SOC using automation, threat intelligence, machine learning, and purple teaming.

Key Responsibilities

Lead and manage end-to-end SOC operations including Tier 1, 2, and 3 analysts, threat hunters, and incident responders.

Design and optimize SIEM workflows, detection rules, hunting queries, and SOAR playbooks using Microsoft Sentinel.

Ensure timely triage, investigation, containment, and response to security incidents as per SLAs.

Build and maintain automation workflows using Logic Apps for Sentinel-based SOAR.

Integrate and manage diverse log sources, including Defender suite, cloud workloads, identity platforms, and third-party security solutions.

Drive continuous improvement through automation, ML-based detections, threat hunting, and purple teaming.

Develop, review, and maintain SOC runbooks, playbooks, and use case libraries.

Define and report on key metrics such as MTTD, MTTR, alert-to-incident ratio, and false positive rates.

Ensure SOC alignment with regulatory and industry frameworks (NIST, ISO 27001, RBI, GDPR).

Collaborate with internal and external stakeholders on incident reviews, compliance audits, and threat landscape updates.

Participate in client onboarding, governance meetings, and SOC service reviews.

Ability to manage distributed teams across time zones with a strong focus on collaboration, mentorship, and performance management.

Required Skills and Experience

6 - 12 years of experience in cybersecurity operations, with minimum 24 years in a SOC leadership role.

Proven hands-on experience managing Microsoft Sentinel in MSSP or enterprise environments.

Expertise in KQL, UEBA, custom rule tuning, Sentinel analytics, and connector integrations.

Knowledge of MITRE ATT&CK, threat modeling, and detection engineering.

Experience with incident response lifecycle, forensic investigations, and root cause analysis.

Strong knowledge of Microsoft 365 Defender stack (Defender for Endpoint, Identity, O365, Cloud Apps).

Experience integrating with platforms like ServiceNow, Freshdesk and other Ticketing Systems

Strong stakeholder communication, executive reporting, and client-facing experience.

Preferred Certifications

SC-200: Microsoft Security Operations Analyst

SC-100: Microsoft Cybersecurity Architect

AZ-500: Azure Security Engineer Associate