Security Operations Center Manager

We is seeking a highly skilled and motivated Information Security Manager to lead initiatives across SOC operations and Governance, Breach attack simulation, cloud security, and governance. The ideal candidate will possess deep technical expertise, strategic thinking, and strong communication skills to drive a secure and resilient environment.

KEY RESPONSIBILITIES

Security Operations Center (SOC) Management

Platform Optimization: Fine-tune SIEM ingestion devices to reduce noise and improve signal-to-noise ratio. Implement SOAR integrations for automated incident response and ticketing. Conduct regular health checks and performance tuning of SOC tools.

MITRE ATT&CK Mapping: Align detection rules with MITRE tactics and techniques using AI-powered tagging tools. Maintain MITRE coverage dashboards and ensure completeness across analytics rules.

SLA Tracking & Governance: Define and monitor SLAs for incident triage, escalation, and closure. Conduct weekly governance reviews with SOC partners to assess KPIs and incident trends. Develop playbooks and runbooks for consistent incident handling

Oversee File Integrity Monitoring (FIM) implementation to detect unauthorized changes to critical files, system configurations, and registries. Define baseline configurations and monitor deviations. Ensure FIM alerts are integrated into SIEM for centralized visibility. Use FIM data to support forensic investigations and compliance audits.

Implement and manage Database Access Monitoring to track and analyse user activity across critical databases. Monitor query execution, access patterns, and privilege usage. Detect unauthorized access attempts and suspicious behaviour. Ensure logging and alerting are in place for compliance and audit readiness.

Cloud Security Posture Management (CSPM) / Cloud Workload Protection (CWP)

Alert Triage & Remediation: Investigate alerts from CSPM/CWP tools and drive timely closure. Implement automated remediation scripts for common misconfigurations.

Security Best Practices: Enforce secure-by-design principles across cloud deployments. Conduct periodic reviews of cloud policies, IAM roles, and network configurations.

Automation & Optimization: Integrate CSPM/CWP tools with CI/CD pipelines for proactive security. Develop custom rules and policies tailored to business needs.

External Threat Intelligence

Brand Monitoring: Use threat intelligence platforms to detect phishing, impersonation, and brand abuse. Coordinate takedown requests and take required actions as needed.

Dark Web Surveillance: Monitor forums and marketplaces for leaked credentials, insider threats, and data exposure.

Governance, Risk & Compliance

Policy & Frameworks: Develop and maintain security policies aligned with ISO 27001 and RBI guidelines. Conduct gap assessments and drive remediation plans.

Audit & Risk Management: Support internal and external audits with evidence and documentation. Track risk mitigation efforts and report progress to senior leadership.

Reporting & Stakeholder Engagement

Executive Dashboards: Prepare monthly and quarterly reports on security posture, incidents, and metrics. Present findings to leadership and internal stakeholders.

MANDATORY SKILLS REQUIRED

1. Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience).

2. SOC operations and SIEM optimization

3. MITRE ATT&CK mapping and threat modelling

4. CSPM/CWP alert management and automation

5. BAS execution and gap remediation

6. Threat intelligence (brand/dark web)

7. Strong understanding of regulatory frameworks (RBI, ISO

8. Excellent soft skills: stakeholder communication, presentation, and leadership.

9. Preferred certifications: CISM, CEH, CCSP, or equivalent.

10. Understanding of secure network architecture, segmentation and defence in depth.

11. Designing and implementing security controls across systems, networks and applications.

12. Ability to analyze complex security issues and clearly communicate them to non-technical stakeholders