ColorTokens - Security Operations Center Manager - SIEM

2 days ago


Bengaluru, Karnataka, India Colortokens Full time

Job Summary :

ColorTokens is seeking a SOC Manager to lead our Security Operations Center (SOC), leveraging Next-Gen SIEM to detect, respond to, and mitigate security threats.

The ideal candidate will have deep expertise in modern SIEM platforms, threat intelligence, and incident response while managing customers and a team of security analysts.

Job Title : SOC Manager

Location : Bangalore

Job Type : Full-time

Department : Managed Services

Key Responsibilities :

1. SOC Leadership & Operations :

- Oversee 24/7 security monitoring, detection, and response operations.

- Manage, mentor, and train a team of SOC analysts, engineers, and incident responders.

- Develop and optimize SOC processes, playbooks, and runbooks for effective incident handling.

- Ensure continuous threat monitoring, analysis, and escalation in accordance with SLAs.

2. SIEM & Security Analytics Management :

- Implement, manage, and optimize Next-Gen SIEM solutions (e.g., Stellar Cyber, Cortex, Chronicle, etc.).

- Develop advanced detection rules, correlation logic, and behavioural analytics for real-time threat detection.

- Integrate SIEM with EDR, NDR, SOAR, Threat Intelligence, and Cloud Security tools.

- Ensure log management, normalization, and enrichment from various sources (firewalls, endpoints, cloud, IAM, etc.).

3. Threat Detection, Incident Response & Forensics :

- Lead security investigations, threat hunting, and forensics analysis.

- Work with SOC analysts to triage and escalate security incidents (MITRE ATT&CK-based).

- Oversee the incident response process and conduct post-mortem analysis for continuous improvement.

- Collaborate with threat intelligence teams to enrich SIEM detections with contextual threat data.

4. Compliance, Reporting & Automation :

- Ensure SOC operations align with regulatory standards (ISO 27001, NIST, GDPR, SOC 2, etc.).

- Develop automated detection & response workflows using SOAR (Security Orchestration, Automation, and Response).

- Generate SIEM dashboards, security reports, and executive summaries for stakeholders.

- Conduct tabletop exercises and Red/Blue team drills to enhance security readiness.

5. Customer & Stakeholder Engagement :

- Act as the primary point of contact for key customers, ensuring high-quality service delivery.

- Collaborate with OEMs to address cybersecurity risks.

- Present threat intelligence reports, risk assessments, and incident trends to executive stakeholders.

- Drive continuous improvement initiatives based on customer feedback and security landscape changes.

- Manage customer SLAs and ensure a CSAT of greater than 4.5/5.

6. Business Support :

- Work with pre-sales teams to respond to customer RFI/RFPs

- Responsible for upsell and cross-sell activities

- Enable/train sales teams across regions

7. Required Skills & Experience :

Technical Expertise :

- 12-15 years of experience in SOC operations, SIEM, and cybersecurity incident response.

- Hands-on expertise with Next-Gen SIEM platforms.

- Proficiency in SOAR, EDR, XDR, Cloud Security (AWS/Azure/GCP), and threat intelligence tools.

- Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and NIST frameworks.

- Experience in log analysis, anomaly detection, and SIEM rule creation.

- Scripting skills in Python, PowerShell, or Regex for automation.

Leadership & Soft Skills :

- Strong leadership experience in managing and mentoring SOC teams.

- Excellent incident response and crisis management abilities.

- Effective communication with technical and non-technical stakeholders including customers.

- Ability to collaborate with IT, DevOps, and security teams to enhance security posture.

Preferred Certifications :

- CISSP (Certified Information Systems Security Professional)

- GCIA (GIAC Certified Intrusion Analyst)

- GCIH (GIAC Certified Incident Handler)

- SIEM Vendor Certifications

Skills : SOC Manager, SOC Process, CISSP, Pre-Sales Activities, SOC Setup Experience

(ref:hirist.tech)
