Director - Head of Security Operations Center

Position : Director - Head of Security Operations Center Location : Chennai Key Competencies: - Strategic Vision - Ability to align SOC service evolution with MSSP business objectives. - Technical Skills - Deep understanding of modern detection and response tools, automation, and integration frameworks. - Client Orientation - Skilled in stakeholder engagement, reporting, and service quality management. - Operational Excellence - Expertise in building scalable 24x7 operations with consistent quality. - Leadership - Strong people management, mentoring, and cross-team collaboration abilities. - Innovation - Aptitude for evaluating and operationalizing emerging SOC technologies. - Deep understanding of modern detection and response tools, automation, and integration frameworks. - Communication - Ability to present complex technical insights to executives and clients clearly and effectively. - Responsible for driving execution of daily, weekly, and monthly metrics for statistical threats and KPIs. - Coordinate with global stakeholders along with the Senior management during contingency scenarios/ high severity incidents to ensure responsive actions are communicated in timely manner. Profile Description: - 15+ years of experience in cybersecurity operations, with at least 5 years in SOC or MSSP leadership. - Proven experience managing multi-tenant SOC environments with diverse customer infrastructures. - Hands-on expertise in: - - Splunk Enterprise Security (use case design, data onboarding, SPL optimization). - - Palo Alto Cortex XSOAR (playbook automation, integration management, case handling). - - Google SecOps (Chronicle + SOAR) (rule development, analytics, log pipelines). - Strong understanding of SIEM/SOAR architectures, EDR, NDR, cloud telemetry, and threat intel integration. - Experience defining and managing SOC SLAs, client KPIs, and service delivery metrics. Key Responsibilities: Leadership and Operations Management - Lead and manage SOC functions comprising Detection, Incident Response, and SOC Engineering teams across multiple shifts and geographies. - Define and enforce SOC service delivery models, operating procedures, and SLAs aligned with client contracts. - Oversee day-to-day SOC operations for multiple customers with varying environments (on-prem, cloud, hybrid). - Ensure effective handover, escalation, and quality assurance across all shifts. - Drive KPIs for detection coverage, mean time to detect/respond (MTTD/MTTR), and client satisfaction. Incident Response and Threat Management - Oversee the end-to-end incident lifecycle: detection, triage, containment, eradication, and recovery. - Establish and maintain client-specific runbooks, escalation matrices, and response playbooks. - Guide major incident response efforts and lead investigations for high-severity or high-impact events. - Ensure timely communication and coordination with client security teams during incidents. Client Engagement and Risk Reporting - Serve as the primary SOC interface for strategic customer engagements. - Prepare and deliver executive risk reports, incident summaries, and detection coverage dashboards to client management teams. - Translate complex technical risks into actionable business insights for diverse client audiences. Technology and Engineering Excellence - Provide technical direction for SIEM/SOAR/Threat Intelligence stack optimization and automation. - Lead the design and maintenance of multi-tenant architectures ensuring data segregation, scalability, and compliance. - Direct the automation of repetitive analyst tasks through playbooks and integrations in Cortex XSOAR. - Evaluate and implement emerging technologies in AI-driven detection, UEBA, threat intelligence correlation, and SOAR orchestration. - Maintain governance for log ingestion, parser accuracy, and retention policies across client environments. Innovation and Technology Evaluation - Continuously assess and pilot next-generation tools in SIEM, SOAR, Threat Intel, and AI/ML-based detection. - Build business cases and lead proofs of concept (POCs) for promising platforms and integrations. - Foster a culture of experimentation, automation, and measurable improvement within the SOC.