Director – Head of Cybersecurity Operations

Position :
Director – Head of Security Operations Center

Location :
Chennai

Key Competencies:

·       Strategic Vision – Ability to align SOC service evolution with MSSP business objectives.

·    Technical Skills – Deep understanding of modern detection and response tools, automation, and integration frameworks.

·   Client Orientation – Skilled in stakeholder engagement, reporting, and service quality management.

·   Operational Excellence – Expertise in building scalable 24x7 operations with consistent quality.

·  Leadership – Strong people management, mentoring, and cross-team collaboration abilities.

·  Innovation – Aptitude for evaluating and operationalizing emerging SOC technologies.

·  Deep understanding of modern detection and response tools, automation, and integration frameworks.

· Communication – Ability to present complex technical insights to executives and clients clearly and effectively.

·   Responsible for driving execution of daily, weekly, and monthly metrics for statistical threats and KPIs.

·  Coordinate with global stakeholders along with the Senior management during contingency scenarios/ high severity incidents to ensure responsive actions are communicated in timely manner.

Profile Description:

·  13–15 years of experience in cybersecurity operations, with at least 5 years in SOC or MSSP leadership.

·  Proven experience managing multi-tenant SOC environments with diverse customer infrastructures.

·  Hands-on expertise in:

- Splunk Enterprise Security (use case design, data onboarding, SPL optimization).

- Palo Alto Cortex XSOAR (playbook automation, integration management, case handling).

- Google SecOps (Chronicle + SOAR) (rule development, analytics, log pipelines).

·  Strong understanding of SIEM/SOAR architectures, EDR, NDR, cloud telemetry, and threat intel integration.

· Experience defining and managing SOC SLAs, client KPIs, and service delivery metrics.

Key Responsibilities:

Leadership and Operations Management

· Lead and manage SOC functions comprising Detection, Incident Response, and SOC Engineering teams across multiple shifts and geographies.

· Define and enforce SOC service delivery models, operating procedures, and SLAs aligned with client contracts.

· Oversee day-to-day SOC operations for multiple customers with varying environments (on-prem, cloud, hybrid).

· Ensure effective handover, escalation, and quality assurance across all shifts.

· Drive KPIs for detection coverage, mean time to detect/respond (MTTD/MTTR), and client satisfaction.

Incident Response and Threat Management

· Oversee the end-to-end incident lifecycle: detection, triage, containment, eradication, and recovery.

· Establish and maintain client-specific runbooks, escalation matrices, and response playbooks.

· Guide major incident response efforts and lead investigations for high-severity or high-impact events.

· Ensure timely communication and coordination with client security teams during incidents.

Client Engagement and Risk Reporting

· Serve as the primary SOC interface for strategic customer engagements.

· Prepare and deliver executive risk reports, incident summaries, and detection coverage dashboards to client management teams.

· Translate complex technical risks into actionable business insights for diverse client audiences.

Technology and Engineering Excellence

· Provide technical direction for SIEM/SOAR/Threat Intelligence stack optimization and automation.

· Lead the design and maintenance of multi-tenant architectures ensuring data segregation, scalability, and compliance.

· Direct the automation of repetitive analyst tasks through playbooks and integrations in Cortex XSOAR.

· Evaluate and implement emerging technologies in AI-driven detection, UEBA, threat intelligence correlation, and SOAR orchestration.

· Maintain governance for log ingestion, parser accuracy, and retention policies across client environments.

Innovation and Technology Evaluation

· Continuously assess and pilot next-generation tools in SIEM, SOAR, Threat Intel, and AI/ML-based detection.

· Build business cases and lead proofs of concept (POCs) for promising platforms and integrations.

· Foster a culture of experimentation, automation, and measurable improvement within the SOC.