SOC CW n Dev Lead

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

AI & GenAI Integration

• Design and implement AI/ML models for threat detection, behavioural analytics, and anomaly detection using Microsoft Sentinel, Azure ML, and Kyndryl Bridge.

• Integrate Generative AI into SOC workflows for predictive threat modelling, incident summarization, automated RCA generation, and knowledge-driven response recommendations.

• Lead the development of agentic AI systems capable of autonomous decision-making and response orchestration under governed SOC protocols.

• Embed GenAI-powered conversational analytics and predictive insights into executive dashboards for proactive threat visibility and decision-making.

Automation Engineering & Development

• Architect, design, and maintain automation playbooks in Azure Logic Apps and Microsoft Sentinel SOAR to streamline incident triage, enrichment, containment, and remediation.

• Collaborate with SOAR developers, content engineers, and threat detection teams to ensure automation components are modular, reusable, and scalable.

• Define and enforce development standards for SOC automation—covering playbook structure, documentation, versioning, and testing.

• Ensure seamless integration with third-party security tools, ITSM systems, and cloud-native services.

Analytics, Visualization & KPI Management

• Oversee the design of Power BI dashboards for real-time SOC visibility, automation performance metrics, and executive-level SLA reporting.

• Define and monitor automation-linked KPIs such as:

  • Mean Time to Respond (MTTR) reduction

  • Ticket volume reduction

  • Manual intervention percentage

  • RCA turnaround time

  • SLA compliance improvement

• Embed AI/GenAI-driven analytics layers into dashboards to enable adaptive risk visualization and predictive forecasting.

Governance & Compliance

• Participate in SOC governance forums to align AI/automation initiatives with business objectives, regulatory mandates, and compliance frameworks (e.g., ISO 27001, SOC 2, GDPR).

• Establish Responsible AI practices ensuring fairness, transparency, explainability, and human oversight in automated decision-making.

• Maintain audit trails, version controls, and documentation for all AI and automation deployments.

Collaboration & Leadership

• Work closely with SOC Analysts, Threat Intelligence, Platform Engineering, and Cloud Security teams to ensure automation aligns with operational and security needs.

• Mentor junior developers and automation engineers on best practices in AI, scripting, and SOAR development.

• Partner with OEMs and product vendors (Microsoft, Kyndryl, etc.) for roadmap alignment, feature optimization, and performance tuning.

• Lead Continual Service Improvement (CSI) initiatives focused on innovation and operational excellence across global SOC functions.

Who You Are

• 8+ years of experience in SOC Operations, Automation, or Security Engineering, with at least 3 years in a lead role.

• Strong expertise in:

  • Microsoft Sentinel (SOAR, Logic Apps, KQL, custom connectors)

  • Azure Logic Apps and automation frameworks

  • AI/ML model deployment for SOC analytics and anomaly detection

  • PowerShell, Python, or C# scripting for custom automation

  • GenAI integration using Azure OpenAI, Microsoft Copilot, or similar platforms

  • Kyndryl Bridge or equivalent hybrid orchestration tools

• Deep understanding of SOC processes, threat lifecycle, and ITSM/SIEM/SOAR integration.

• Proven experience in developing and managing automation KPIs linked to SLA and operational efficiency.

• Exposure to Power BI, data modelling, and executive reporting frameworks.

• Strong analytical and problem-solving capabilities with a focus on innovation and scalability.

• Microsoft Certified: Security Operations Analyst Associate (SC-200)

• Microsoft Certified: Azure AI Engineer Associate (AI-102)

• Microsoft Certified: DevOps Engineer Expert (AZ-400)

• ITIL v4 Foundation

• Certified SOC Analyst (CSA) or GIAC Certified Automation Professional (GCAP) – Preferred

Being You

Diversity is a whole lot more than what we look like or where we come from, it's how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we're not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That's the Kyndryl Way.

What You Can Expect

With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations.  At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed.

Get Referred

If you know someone that works at Kyndryl, when asked 'How Did You Hear About Us' during the application process, select 'Employee Referral' and enter your contact's Kyndryl email address.