Lead Security Architecture

Lead Security Architecture & SOC Engineering

Role Overview: We are seeking a highly skilled Lead Security Architecture & SOC Engineering to design, build, and mature Airtel's threat detection and cyber defense capabilities. This critical role spans Airtel's telecom ecosystem — 2G, 4G, 5G SA/NSA, Fixed Wireless Access (Consumer & Enterprise Services), Wi-Fi, Homes & Broadband, NLD/ILD, DTH, Enterprise, and Transport.

The role will combine security architecture review, threat modeling, detection engineering, and automation to ensure end-to-end visibility and resilience. The ideal candidate will bring expertise in SIEM, SOAR, EDR, NDR, UEBA, threat intel platforms, and open-source technologies, with a proven ability to review existing architectures, onboard new technologies, and drive enterprise-wide integrations. The candidate will also lead the MSS Build team and own BCP/DR and FCAPS lifecycle management of Airtel's security technologies & tools.

This role works independently, owning the SOC Build end-to-end, while leading MSS teams for delivery and collaborating with other Leads as part of a unified security leadership team.

Key Responsibilities:

Strategic Impact

• Own the security detection architecture across Airtel network, ensuring resilience against evolving telecom and enterprise threats.
• Conduct security architecture reviews of existing technologies and assess suitability of new platforms/tools before onboarding.
• Lead threat modeling and detection framework adoption using MoTIF, MITRE ATT&CK, NIST CSF, and telecom-specific standards (3GPP, GSMA FS.11, ISO
• Define Airtel' SOC (network) engineering roadmap covering SIEM, SOAR, EDR, NDR, UEBA, and automation.

Operational Excellence

• Lead use case lifecycle management: design, development, fine-tuning, and enrichment across Splunk SIEM, SOAR, ELK, and open-source tools.
• Lead the MSS Build Team, ensuring high-quality delivery of SOC use cases, integrations, and automation.
• Manage the full lifecycle (FCAPS) of all security tools and Ensure BCP/DR for security platforms, maintaining continuity.
• Review and suggest policies for EDR and NDR platforms for proactive detection.
• Build and optimize SOAR playbooks and automation pipelines to reduce manual response efforts.
• Drive log source strategy and integrations across telecom and enterprise domains (Core NEs, RAN, OSS/BSS, Broadband, DTH, Transport).
• Enable threat intelligence integration (global & local feeds, TIP platforms) into detection workflows.
• Perform gap analysis on detection coverage against MoTIF, MITRE ATT&CK, and adversary simulations.
• Ensure continuous false positive reduction through correlation rule optimization and AI/ML enrichment.

Leadership & Collaboration

• Partner with domain owners, architecture/design teams, OEMs and MS partners to embed detection requirements into new and existing projects/nodes/services/technologies.
• Lead SOC engineering teams to deliver detection content, automation, and log onboarding at scale and SLA-driven delivery.
• Work closely with SOC Ops, VAPT, and GRC teams to ensure detection readiness, audit compliance, and threat-informed defense.
• Provide executive-level governance reports on detection coverage, technology health, automation adoption, and architecture reviews.
• Act as the primary reviewer for all new technology integrations.

Required Skills and Experience:

• 10-12 years in SOC engineering, detection, or security architecture leadership, with telecom exposure.
• Strong expertise in security platform eg. SIEM: Splunk, ELK, SOAR Phantom, UEBA, EDR CrowdStrike & SentinelOne, NDR, Threat Intel Platforms: MISP,Open-source stacks Wazuh etc.
• Hands-on with Python, Bash, PowerShell scripting for automation, parser building, and data enrichment.
• Experience with BCP/DR planning and execution for critical security platforms.
• Proven expertise in tool lifecycle/FCAPS management and performance optimization.
• Deep understanding of telecom protocols and threat vectors.

Preferred Qualifications:

• Certifications: Splunk Architect, TOGAF, CISSP, CISM, GCDA, OSCP/OSWE (advantage).
• Familiarity with MoTIF, MITRE ATT&CK, NIST CSF, GSMA FS.11, ISO 27011.
• Experience in telecom SOC engineering or MSS build team leadership.
• Exposure to cloud-native 5G security architecture and API security.

Why Join Us?

• Play a critical leadership role in defining Airtel's security architecture and SOC engineering strategy.
• Lead MSS Build teams and own end-to-end lifecycle of security tools.
• Drive BCP/DR readiness and FCAPS management of Airtel's security stack.
• Collaborate with global OEMs, MSSPs, regulators, and threat intel partners.
• Shape Airtel's next-gen SOC architecture with automation, intelligence, and resilience.