SOC Manager

SOC Strategy & LeadershipDefine and drive SOC strategy aligned with company vision and client needsOwn the multi-year SOC maturity roadmap (NIST, MITRE ATT&CK, etc.)Lead transformation initiatives (SOAR, UEBA, automation)Service DeliveryManagementEnsure consistent, high-quality 24x7 service delivery across all clientsOwn delivery SLAs (alert triage, IR, RCA, daily/weekly reports)Oversee onboarding of new clients and environmentsOperations Oversight• Manage the full SOC lifecycle: detection, triage, IR,RCA, recovery, closureLead incident war rooms for P1/P2 eventsEnsure proper shift coverage, continuity and handoversPeople & Organizational LeadershipLead and manage large, multi-level teams (L1L3, TLs, SMEs)Design role hierarchies, shift models, backup plansHandle performance reviews, succession planning, L&D programsDetection Engineering OversightOversee use case development, refinement, and tuning across SIEMsPrioritize use cases based on TI, incident learnings and threat landscapeEnsure rule effectiveness, reduce false positivesThreat Intelligence IntegrationOversee ingestion and contextualization of TI feeds (commercial + OSINT)Ensure TI relevance across different client industriesEnable automated TI-to-detection correlationTools & Tech Stack ManagementOversee SIEM, SOAR, EDR, TIP, log pipeline and ticketing platformsDrive tool consolidation and cost-efficiencyEnsure uptime, performance, integration across all technologiesProcess & SOP GovernanceDefine and enforce SOC SOPs, playbooks and workflowsEnsure process documentation, versioning and audit readinessConduct periodic process gap analysis and remediationThreat Hunting & Purple TeamingLead proactive threat hunting and red/blue/purple teamingAlign hunt outcomes to detection and use case gapsEncourage hypothesis driven investigation across clientsClient Management & CommunicationBe the face of the SOC to clients during onboarding, BAU and crisisLead weekly/monthly calls, QBRs and auditsManage escalations, change requests and SLA breaches proactivelyIncident Response LeadershipPersonally oversee major incidents (breach, ransomware, targeted attacks)Approve RCAs and external communicationDrive IR tabletop exercises with internal and client stakeholdersCompliance & Audit SupportEnsure SOC compliance with ISO 27001, ISO 22301, PCI DSS, RBI/SEBI/NCIIPC, GDPR, DPDPA normsLead internal and client auditsMaintain documentation, audit trails, log retention and evidencingMetrics, Reporting & DashboardsOwn SOC KPIs, analyst productivity, alert volumes, MTTR, MTTD, RCA timelinesMaintain dashboards for internal leadership and external clientsEnable metrics driven decisions across all layersInnovation & AutomationDrive adoption of automation via SOAR or scriptingSponsor threat detection ML/AI PoCsPush for Cyber Range, EDR auto-remediation and Zero Trust log correlationFinancial & Resource ManagementOwn SOC budget: tools, people, infra, licenses, trainingsOptimize costs while improving performanceForecast future resourcing and capacity needsMulti-Tenancy OperationsDesign SOC operations for multi-tenant scalabilityEnsure logical separation of data and response for different clientsBuild reusable detection packs and onboarding acceleratorsCollaboration with Sales & Pre-salesSupport SoW, RFPs, pricing modelsParticipate in client due diligence callsHelp define service catalogues and tiers based on delivery capabilityVendor & Partner ManagementManage relationships with SIEM, SOAR, EDR, TIP, threat feed vendorsDrive issue resolution and roadmap alignmentEvaluate new vendors for cost and effectivenessKnowledge Management & TrainingEnsure training plans for all analyst levelsMaintain KBs, runbooks and internal wikisSponsor internal workshops, competitions, certificationsBusiness Continuity for SOCOwn SOC BCP/DR planEnsure data centre failover readiness, backup tools and alternate staffingConduct periodic DR drills and service failover testingTool Category Common ToolsSIEM Platforms: Splunk, IBM QRadar, Microsoft Sentinel, LogRhythm, ArcSight,ExabeamSOAR Tools:Palo Alto Cortex XSOAR, IBM Resilient, Splunk SOAR (Phantom),SiemplifyEDR/XDR Tools: CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne,Trellix, Sophos Intercept XThreat Intel Platforms: MISP, Anomali, Recorded Future, ThreatConnect, OpenCTICase/Ticketing Systems:ServiceNow, Jira, TheHive, Remedy, ZendeskDashboards & BI Power BI, Tableau, Kibana, GrafanaAsset/Inventory Tools Qualys, Tenable, Rapid7, Lansweeper, CMDB systemsCommunication Tools Slack, Teams, Zoom, Email (secure channels for incident comms)Compliance/Audit Tools:CyberMetric, Vanta, Drata, Tugboat Logic or in-house auditevidencing systems