Job Title: SOC Head
Company: IDFC FIRST Bank
Location: Navi Mumbai, Maharashtra
Created: 2025-10-01
Job Type: Full Time
Job Description:
Responsible for managing the end-to-end operations and strategic evolution of our Security Operations Centre (SOC), Threat Hunting & Incident Response, Threat Intelligence, Digital Forensics, and Security Automation functions. This is a senior role crucial to the bank’s cyber resilience, regulatory compliance, and defence modernization initiatives.

Key Responsibilities

1. Security Operations Centre (SOC) Leadership
• Lead and oversee 24x7 operations of the bank’s internal SOC, including detection engineering, alert triage, and analyst response workflows.
• Ensure effective monitoring across IT, cloud, SaaS, and endpoint telemetry sources through integration of SIEM, SOAR, EDR, TIP, NDR, etc.
• Continuously optimize detection use cases aligned to MITRE ATT&CK and reduce false positives via correlation logic and contextual enrichment.

2. SOAR Implementation & Security Automation
• Own the design, deployment, and maintenance of a Security Orchestration, Automation, and Response (SOAR) platform.
• Automate repetitive incident response workflows (phishing, malware, insider threat, account compromise, etc.).
• Integrate SOAR with SIEM, TIP, ticketing, and ITSM platforms to enable closed-loop automation and reduce MTTR.

3. Threat Intelligence (TI) Management
• Establish and manage the threat intelligence program, leveraging both commercial and open-source threat feeds.
• Operationalize threat intelligence for proactive detection, threat actor profiling, IOC enrichment, and fraud prevention.
• Ensure real-time ingestion, enrichment, and distribution of intelligence to SOC, vulnerability management, and fraud teams.

4. Incident Response & Crisis Management
• Lead the bank’s incident response program, including planning, investigation, containment, and recovery for cyber incidents.
• Maintain and regularly test incident response plans through tabletop exercises and simulations.
• Interface with executive management, legal, risk, and regulators during security incidents.
• Ensure RCA and incident lessons learned are tracked, reported, and addressed.

5. Digital Forensics & Investigation
• Lead forensic investigations involving endpoints, servers, insider threats, and data breaches.
• Implement forensic toolkits and processes for evidence collection, chain of custody, and root cause analysis.
• Work with legal and compliance teams during fraud, litigation, or regulatory investigations.
• Run tabletop exercises with senior management to measure the effectiveness of the crisis management plan.

6. Regulatory Compliance & Audit Support
• Ensure adherence to regulatory requirements from RBI, SEBI, IRDAI, CERT-In, and other national regulators.
• Maintain evidence repositories and documentation for compliance audits, incident reporting, and forensic readiness.
• Map cyber defence controls to frameworks such as NIST CSF, ISO 27001, and the RBI Cyber Security Framework.
• Respond to regulatory inspections, reviews, and industry-wide cybersecurity drills.

7. Threat Hunting & Use Case Engineering
• Drive proactive threat hunting campaigns based on TTPs, behavioural anomalies, and threat intelligence.
• Identify gaps in existing controls and coordinate with SOC engineering teams to develop new use cases.
• Regularly evaluate and improve detection content using MITRE ATT&CK, Sigma rules, and custom scripts.

8. Technology Modernization & Innovation
• Evaluate and onboard modern technologies such as XDR, UEBA, cloud-native SOC, and AI/ML-driven detections.
• Guide the transformation of the SOC to address modern threats, including AI misuse, cloud compromise, and SaaS security risks.
• Collaborate with architecture and application teams to ensure secure design and telemetry readiness across digital transformation initiatives.

9. Team Leadership & Vendor Governance
• Build and lead a multidisciplinary cyber defence team including SOC analysts, threat hunters, forensic specialists, and automation engineers.
• Encourage and ensure upskilling of the team using technology solutions such as a cyber range.
• Define clear KPIs for SOC performance (MTTD, MTTR, false positive rate, automation coverage).
• Manage and govern security operations vendors, MSSPs, TIP providers, and forensic labs as required.