SOC-Associate Director
Serve as an escalation point for all Threat Analysts on shift for complex/unusual alerts/cases/requests/incidents.
Daily review of security alerts/logs with follow-up on any suspicious activity.
Review cases escalated by Threat Analysts to investigate, respond and remediate; ensure an effective flow of escalated cases; and conduct quality assurance of cases.
Mentor associate team members and contribute to streamlining SOC operations for continuous improvement.
Ensure an effective escalation flow within the Incident Management System; assist the team in developing the incident response strategy, then create and assign response actions to Threat Analysts as needed; provide timely and actionable insights to executive leadership and cross-functional teams.
Develop and deliver SOC dashboards, threat summaries, and risk reports to stakeholders.
Perform investigation of network and hosts/endpoints for malicious activity, including analysis of packet captures, and assist in efforts to detect, confirm, contain, remediate, and recover from attacks.
Proactively monitor, identify, and analyse complex internal and external threats, including viruses, targeted attacks and unauthorized access, and mitigate risk to IT systems.
Establish and maintain robust SOPs, incident playbooks, escalation matrices, and case management workflows.
Ensure SOC processes are aligned with regulatory frameworks such as ISO 27001, NIST CSF, GDPR, PCI DSS or local data protection laws.
Support internal and external audits and contribute to enterprise risk management initiatives.
Define the approach / strategy to help improve customer security posture and reduce attack surface.
Perform root cause analysis and troubleshoot complex issues with existing security and privacy protection protocols.
Respond to inbound security monitoring alerts, emails, and inquiries from the organization.
Provide support for Incident Response, including evidence collection, documentation, communications, and reporting.
Responsible for onboarding clients, both in the cloud and on-prem, or as per the solution.
Have a good understanding of / exposure to the security landscape and cyber security tools.
Own end-to-end planning of the annual budget for the service line, including headcount, tools, training, and infrastructure.
Mandatory Skills required for the role:
· Hands-on working experience with any SIEM tool (QRadar / Splunk / AlienVault / ArcSight / McAfee).
· More than 1 year of L3 / Lead experience and team management is required.
· Team Management and Network Management / Operations Management.
· Good understanding of databases, security products (Firewall, IDS/IPS, AV/EDR) and other tech products in the cyber space.
· Hands-on experience in building threat hypotheses and threat intelligence.