SOC Manager

1. SOC Strategy & Leadership

2. Define and drive SOC strategy aligned with company vision and client needs

3. Own the multi-year SOC maturity roadmap (NIST, MITRE ATT&CK, etc.)

4. Lead transformation initiatives (SOAR, UEBA, automation)

5. Service DeliveryManagement

6. Ensure consistent, high-quality 24x7 service delivery across all clients

7. Own delivery SLAs (alert triage, IR, RCA, daily/weekly reports)

8. Oversee onboarding of new clients and environments

9. Operations Oversight
   • Manage the full SOC lifecycle: detection, triage, IR,RCA, recovery, closure

10. Lead incident war rooms for P1/P2 events

11. Ensure proper shift coverage, continuity and handovers

12. People & Organizational Leadership

13. Lead and manage large, multi-level teams (L1L3, TLs, SMEs)

14. Design role hierarchies, shift models, backup plans

15. Handle performance reviews, succession planning, L&D programs

16. Detection Engineering Oversight

17. Oversee use case development, refinement, and tuning across SIEMs

18. Prioritize use cases based on TI, incident learnings and threat landscape

19. Ensure rule effectiveness, reduce false positives

20. Threat Intelligence Integration

21. Oversee ingestion and contextualization of TI feeds (commercial + OSINT)

22. Ensure TI relevance across different client industries

23. Enable automated TI-to-detection correlation

24. Tools & Tech Stack Management

25. Oversee SIEM, SOAR, EDR, TIP, log pipeline and ticketing platforms

26. Drive tool consolidation and cost-efficiency

27. Ensure uptime, performance, integration across all technologies

28. Process & SOP Governance

29. Define and enforce SOC SOPs, playbooks and workflows

30. Ensure process documentation, versioning and audit readiness

31. Conduct periodic process gap analysis and remediation

32. Threat Hunting & Purple Teaming

33. Lead proactive threat hunting and red/blue/purple teaming

34. Align hunt outcomes to detection and use case gaps

35. Encourage hypothesis driven investigation across clients

36. Client Management & Communication

37. Be the face of the SOC to clients during onboarding, BAU and crisis

38. Lead weekly/monthly calls, QBRs and audits

39. Manage escalations, change requests and SLA breaches proactively

40. Incident Response Leadership

41. Personally oversee major incidents (breach, ransomware, targeted attacks)

42. Approve RCAs and external communication

43. Drive IR tabletop exercises with internal and client stakeholders

44. Compliance & Audit Support

45. Ensure SOC compliance with ISO 27001, ISO 22301, PCI DSS, RBI/SEBI/NCIIPC, GDPR, DPDPA norms

46. Lead internal and client audits

47. Maintain documentation, audit trails, log retention and evidencing

48. Metrics, Reporting & Dashboards

49. Own SOC KPIs, analyst productivity, alert volumes, MTTR, MTTD, RCA timelines

50. Maintain dashboards for internal leadership and external clients

51. Enable metrics driven decisions across all layers

52. Innovation & Automation

53. Drive adoption of automation via SOAR or scripting

54. Sponsor threat detection ML/AI PoCs

55. Push for Cyber Range, EDR auto-remediation and Zero Trust log correlation

56. Financial & Resource Management

57. Own SOC budget: tools, people, infra, licenses, trainings

58. Optimize costs while improving performance

59. Forecast future resourcing and capacity needs

60. Multi-Tenancy Operations

61. Design SOC operations for multi-tenant scalability

62. Ensure logical separation of data and response for different clients

63. Build reusable detection packs and onboarding accelerators

64. Collaboration with Sales & Pre-sales

65. Support SoW, RFPs, pricing models

66. Participate in client due diligence calls

67. Help define service catalogues and tiers based on delivery capability

68. Vendor & Partner Management

69. Manage relationships with SIEM, SOAR, EDR, TIP, threat feed vendors

70. Drive issue resolution and roadmap alignment

71. Evaluate new vendors for cost and effectiveness

72. Knowledge Management & Training

73. Ensure training plans for all analyst levels

74. Maintain KBs, runbooks and internal wikis

75. Sponsor internal workshops, competitions, certifications

76. Business Continuity for SOC

77. Own SOC BCP/DR plan

78. Ensure data centre failover readiness, backup tools and alternate staffing
79. Conduct periodic DR drills and service failover testing

Tool Category Common Tools

SIEM Platforms: Splunk, IBM QRadar, Microsoft Sentinel, LogRhythm, ArcSight,Exabeam

SOAR Tools:Palo Alto Cortex XSOAR, IBM Resilient, Splunk SOAR (Phantom),Siemplify

EDR/XDR Tools: CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne,Trellix, Sophos Intercept X

Threat Intel Platforms: MISP, Anomali, Recorded Future, ThreatConnect, OpenCTICase/Ticketing Systems:ServiceNow, Jira, TheHive, Remedy, Zendesk

Dashboards & BI Power BI, Tableau, Kibana, Grafana

Asset/Inventory Tools Qualys, Tenable, Rapid7, Lansweeper, CMDB systems

Communication Tools Slack, Teams, Zoom, Email (secure channels for incident comms)

Compliance/Audit Tools:

CyberMetric, Vanta, Drata, Tugboat Logic or in-house audit

evidencing systems