Black Box Corporation
3-8 years
Black Box - Global SOC Manager - SIEM Tools (3-8 yrs)
posted 4d ago
Position : Global SOC Manager
Location : Mumbai
Work Model : Onsite (Work from Office)
Role Overview :
We are seeking a technically skilled and experienced Global SOC Manager to lead our Security Operations Center (SOC), located in India and the US, with an Australian site opening soon.
This role combines operational excellence with a customer-focused approach to drive innovative cybersecurity solutions.
The ideal candidate will demonstrate expertise in SOC operations, advanced security technologies, and business acumen to align security services with client requirements.
Key Responsibilities :
SOC Operations Management :
- Oversee and manage 24/7 SOC operations, ensuring alignment with service level agreements (SLAs) and client expectations.
- Develop and implement advanced detection methodologies using SIEM, SOAR, and XDR platforms to enhance threat visibility.
- Lead the design and fine-tuning of detection use cases, threat hunting playbooks, and automated workflows.
- Monitor and improve SOC KPIs, including MTTR (Mean Time to Respond), detection rates, and incident escalation timelines.
- Guide the team in responding to sophisticated threats, such as ransomware, APTs (Advanced Persistent Threats), and zero-day vulnerabilities.
Technology and Process Management :
- Manage the deployment and integration of SOC tools such as :
1. SIEM Platforms : Splunk, QRadar, LogRhythm, Sentinel, and Elastic.
2. SOAR Platforms : Palo Alto Cortex XSOAR, Splunk Phantom, or Demisto.
3. Endpoint Security Solutions : CrowdStrike, Carbon Black, SentinelOne, or Microsoft Defender for Endpoint.
4. Vulnerability Management Tools : Tenable, Qualys, or Rapid7.
5. Threat Intelligence Platforms : Recorded Future, Anomali, ThreatConnect, or MISP.
- Lead the automation of routine SOC tasks through scripting (Python, PowerShell, or Bash) and SOAR platforms.
- Ensure log source integration, parsing, and normalization for diverse environments, including cloud-native services (AWS, Azure, Google Cloud).
- Implement monitoring strategies for OT and IoT environments using tools like Nozomi Networks, Dragos, or Claroty.
- Regularly assess SOC maturity and drive improvements using frameworks like CMMC, NIST CSF, and ISO 27001.
Strategic Planning and Stakeholder Collaboration :
- Lead strategic initiatives for SOC service expansion, such as Managed Detection and Response (MDR) and OT/IT convergence.
- Participate in quarterly business reviews (QBRs) to communicate SOC performance and recommend enhancements.
- Align SOC services with regulatory and compliance requirements, such as GDPR, HIPAA, PCI-DSS, and CCPA.
- Collaborate with product and engineering teams to create tailored cybersecurity solutions for clients across industries.
Required Skills and Qualifications :
Technical Skills :
- Advanced understanding of SIEM tools, log management, rule creation, and analytics.
- SOAR Proficiency : Hands-on experience with playbook development, automation, and workflow orchestration.
- Deep knowledge of EDR solutions, including policies, alert monitoring, and threat containment.
- Proficiency in Python, PowerShell, or Bash for automation of security processes.
- Experience with security monitoring in multi-cloud environments using tools like Azure Sentinel, AWS GuardDuty, and Google Chronicle.
- Strong knowledge of hunting techniques, including YARA rules, behavioral analysis, and anomaly detection.
- Vulnerability Management : Experience in vulnerability scanning, patch management prioritization, and reporting.
- Understanding of IOC management, intelligence feeds, and frameworks like MITRE ATT&CK and Diamond Model.
- Expertise in malware analysis, forensic investigation, and remediation strategies.
Certifications (Preferred) :
- CISSP, CISM, CRISC, or CISA.
- CEH, OSCP, or related offensive security certifications.
- Vendor-specific certifications (e.g., Splunk Certified Architect, Palo Alto XSOAR, CrowdStrike Certified Falcon Administrator).
Functional Areas: Other