Responsibilities

• Lead and mentor a team of SOC analysts to ensure consistent monitoring and incident triage.
• Oversee the daily operations of the SOC team, ensuring timely detection and response to security alerts and incidents.
• Ensures strong KRA and KPI management.
• Conduct regular performance evaluations and provide coaching to improve the skills and performance of SOC analysts.
• Foster a collaborative and continuous improvement culture within the team.

Qualifications

• Ensure the timely detection, validation, and triage of security events.
• Coordinate the escalation of potential security incidents to L2/L3 teams for further investigation.
• Maintain clear and effective incident communication channels to ensure smooth handover of escalated issues.
• Collaborate with L2/L3 managers and the SOC Engineering team to improve detection rules, refine use cases, and reduce false positives.
• Develop and enforce SOC operational procedures to ensure consistency in incident triage and escalations.
• Identify opportunities to automate repetitive tasks using SOAR tools and streamline alert handling processes.
• Ensure the team adheres to defined SLAs for incident acknowledgment and escalation.
• Regularly review metrics and generate reports on team performance, alert volume, incident resolution, and other KPIs.
• Participate in security reviews, audits, and post-incident analysis to identify lessons learned. Basic Qualifications:
• Minimum 10 years of total Security operations and 5 years of directly managing SOC team.
• In-depth knowledge of Operating systems (Windows, Linux and MAC OS).
• Knowledge on Network (LAN and WAN) to understand the threat landscape.
• Knowledge on KQL is added advantage.