Lead – Security Architecture

Location: Gurugram

Job Type: Full-Time

Role Overview:
We are seeking a highly skilled Lead – Security Architecture & SOC Engineering to design, build, and mature Airtel's threat detection and cyber defense capabilities. This critical role spans Airtel's telecom ecosystem — 2G, 4G, 5G SA/NSA, Fixed Wireless Access (Consumer & Enterprise Services), Wi-Fi, Homes & Broadband, NLD/ILD, DTH, Enterprise, and Transport.

The role will combine security architecture review, threat modeling, detection engineering, and automation to ensure end-to-end visibility and resilience. The ideal candidate will bring expertise in SIEM, SOAR, EDR, NDR, UEBA, threat intel platforms, and open-source technologies, with a proven ability to review existing architectures, onboard new technologies, and drive enterprise-wide integrations. The candidate will also lead the MSS Build team and own BCP/DR and FCAPS lifecycle management of Airtel's security technologies & tools.

This role works independently, owning the SOC Build end-to-end, while leading MSS teams for delivery and collaborating with other Leads as part of a unified security leadership team.

Key Responsibilities:

Strategic Impact

· Own the security detection architecture across Airtel network, ensuring resilience against evolving telecom and enterprise threats.

· Conduct security architecture reviews of existing technologies and assess suitability of new platforms/tools before onboarding.

· Lead threat modeling and detection framework adoption using MoTIF, MITRE ATT&CK, NIST CSF, and telecom-specific standards (3GPP, GSMA FS.11, ISO

· Define Airtel' SOC (network) engineering roadmap covering SIEM, SOAR, EDR, NDR, UEBA, and automation.

Operational Excellence

· Lead use case lifecycle management: design, development, fine-tuning, and enrichment across Splunk SIEM, SOAR, ELK, and open-source tools.

· Lead the MSS Build Team, ensuring high-quality delivery of SOC use cases, integrations, and automation.

· Manage the full lifecycle (FCAPS) of all security tools and Ensure BCP/DR for security platforms, maintaining continuity.

· Review and suggest policies for EDR and NDR platforms for proactive detection.

· Build and optimize SOAR playbooks and automation pipelines to reduce manual response efforts.

· Drive log source strategy and integrations across telecom and enterprise domains (Core NEs, RAN, OSS/BSS, Broadband, DTH, Transport).

· Enable threat intelligence integration (global & local feeds, TIP platforms) into detection workflows.

· Perform gap analysis on detection coverage against MoTIF, MITRE ATT&CK, and adversary simulations.

· Ensure continuous false positive reduction through correlation rule optimization and AI/ML enrichment.

Leadership & Collaboration

· Partner with domain owners, architecture/design teams, OEMs and MS partners to embed detection requirements into new and existing projects/nodes/services/technologies.

· Lead SOC engineering teams to deliver detection content, automation, and log onboarding at scale and SLA-driven delivery.

· Work closely with SOC Ops, VAPT, and GRC teams to ensure detection readiness, audit compliance, and threat-informed defense.

· Provide executive-level governance reports on detection coverage, technology health, automation adoption, and architecture reviews.

· Act as the primary reviewer for all new technology integrations.

Required Skills and Experience:

· years in SOC engineering, detection, or security architecture leadership, with telecom exposure.

· Strong expertise in security platform eg. S
IEM: Splunk, ELK, SOAR Phantom, UEBA, EDR CrowdStrike & SentinelOne, NDR, Threat Intel Platforms: MISP,Open-source stacks Wazuh etc.

· Hands-on with P
ython, Bash, PowerShell
scripting for automation, parser building, and data enrichment.

· Experience with BCP/DR planning and execution for critical security platforms.

· Proven expertise in tool lifecycle/FCAPS management and performance optimization.

· Deep understanding of telecom protocols and threat vectors.

Preferred Qualifications:

· Certifications: Splunk Architect, TOGAF, CISSP, CISM, GCDA, OSCP/OSWE (advantage).

· Familiarity with MoTIF, MITRE ATT&CK, NIST CSF, GSMA FS.11, ISO 27011.

· Experience in telecom SOC engineering or MSS build team leadership.

· Exposure to cloud-native 5G security architecture and API security.

Why Join Us?

· Play a critical leadership role in defining Airtel's security architecture and SOC engineering strategy.

· Lead MSS Build teams and own end-to-end lifecycle of security tools.

· Drive BCP/DR readiness and FCAPS management of Airtel's security stack.

· Collaborate with global OEMs, MSSPs, regulators, and threat intel partners.

· Shape Airtel's next-gen SOC architecture with automation, intelligence, and resilience.