Job Title: SOC Lead/Manager – Cyber Monitoring & Response Job Description We are seeking a highly skilled SOC Lead to oversee our Cyber Defence Operation Centre(CDOC), drive threat detection, and orchestrate incident response. This role demands deep technical expertise, strong leadership, and the ability to design and implement advanced security monitoring and response strategies. The SOC Lead will be responsible for real-time monitoring, threat intelligence analysis, forensic investigations, and security automation, ensuring that the organization remains resilient against evolving cyber threats. **Location:** [Gurgaon] **Job Type:** Full-time | On-site/Hybrid **Reports To:** Associate Director of Cyber Defence Operation Centre **Key Responsibilities:** **SOC Operations & Security Monitoring** + Lead and manage the **24/7 Security Operations Center (SOC)** , ensuring **continuous threat detection and response** . + Working extensively on **SIEM (XSIAM. Arcsight, Splunk, QRadar, ELK, Sentinel, etc.)** and other security monitoring tools. + Oversee **24/7 monitoring** of security events and alerts. + Ensure effective use of SIEM (Security Information and Event Management) tools. + Prioritize, analyze, and manage security incidents. + Improve threat intelligence capabilities and integrate with threat intelligence feeds.Continuously **optimize detection rules, correlation logic, and security alerts** to minimize false positives and improve response times. **Incident Response & Management** + Develop and enforce **incident response plans (IRPs)** . + Ensure timely response to cyber threats, minimizing impact. + Coordinate with stakeholders during major incidents. + Conduct post-incident analysis and lessons learned exercises. **EDR/XDR (Endpoint Detection & Response / Extended Detection & Response)** + **CrowdStrike Falcon** – AI-powered threat detection with real-time response. + **Palo Alto XDR** – Extended Detection and Response. + **Microsoft Defender for Endpoint** – Integrated with Azure security solutions. + – Behavioral AI-driven endpoint protection. + **Carbon Black (VMware)** – Next-gen EDR with cloud analytics. + **Sophos Intercept X** – Machine-learning-based ransomware prevention. **Threat Intelligence Platforms (TIP)** + **Recorded Future** – AI-driven threat intelligence analysis. + **MISP (Malware Information Sharing Platform)** – Open-source threat sharing platform. + **Flashpoint Threat Intel** + **Outseer AFCC ( Previously RSA)** + **IBM X-Force Exchange** – Intelligence-sharing with global threat data. + **Anomali ThreatStream** – Automated threat intelligence processing. + **VirusTotal Enterprise** – File and URL malware scanning with shared intelligence. **Compliance & Reporting** + Ensure compliance with security frameworks (ISO 27001, NIST, GDPR, etc.). + Maintain accurate security logs and reports for audits. + Prepare executive-level reports on security incidents and risk posture. **Red Team Collaboration & Penetration Testing Support** + Coordinate with **Red Teams & Ethical Hackers** to improve blue team defenses and detection coverage. + Assist in **purple teaming** exercises to fine-tune SOC detection capabilities against adversarial TTPs. + Leverage **adversary emulation tools** (Caldera, Atomic Red Team, MITRE CALDERA) to validate detection logic. **Collaboration & Communication** + Act as a key liaison between IT, legal, compliance, and business units. + Coordinate with external security teams, vendors, and law enforcement. + Conduct security awareness training for employees. **Leadership & Team Development** + Lead and mentor a team of **SOC analysts (L1-L3), threat hunters, and DFIR specialists** . + Foster a culture of **continuous learning** , conduct **CTF challenges** , and ensure team certifications. + Define **KPIs & metrics** to measure SOC effectiveness (MTTD, MTTR, False Positive Rates, etc.). + Define SOC objectives, goals, and security strategies. + Align SOC operations with business and IT security objectives. + Lead, mentor, and train SOC analysts and security engineers. + Develop and maintain SOC policies, procedures, and playbooks. **Required Technical Skills & Experience:** + **Experience:** **7+ years** in cybersecurity, with at least **3 years in a SOC leadership role** . + **SIEM & Log Analytics:** XSIAM, ArcSight, Splunk, Elastic Stack (ELK), QRadar, Microsoft Sentinel + **Threat Intelligence:** MITRE ATT&CK, Cyber Kill Chain, MISP, STIX/TAXII. + **Incident Response & Forensics:** Volatility, Wireshark, FTK, EnCase, Sleuth Kit, YARA. + **Endpoint Security & EDR/XDR:** CrowdStrike Falcon, Microsoft Defender, Palo Alto XDR, SentinelOne, Carbon Black. + **Cloud Security:** AWS GuardDuty, Azure Security Center, Google Chronicle, CSPM, CNAPP. + **Compliance & Risk:** NIST 800-53, ISO 27001, PCI-DSS, SOC2, GDPR, CIS Benchmarks. Location: IND Gurgaon - Bld 14 IT SEZ Unit 1, 5th, 6th and 17th Flr Language Requirements: Time Type: Full time **If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents (https://www.concentrix.com/resource/job-applicant-privacy-notice-for-california-residents/)**