SOC Lead

About the Role:

We are looking for a seasoned SOC Team Lead who can blend deep cybersecurity expertise with a forward-thinking approach to AI-driven detection and response. In this leadership role, you will be the linchpin between frontline analysts and executive stakeholders — driving operational excellence, championing AI/ML tooling, including Cyble's own intelligence platform, and ensuring threats are detected, triaged, and contained with speed and precision.

You will own the SOC's day-to-day operations while continuously elevating the team's capabilities through automation, threat intelligence, and a culture of continuous improvement.

What You'll Do At CYBLE:

Leadership & Operations

• Lead, mentor, and develop a team of SOC analysts (Tier 1–3), fostering a high-performance security culture
• Oversee 24×7 SOC operations, ensuring coverage, SLA adherence, and escalation procedures are consistently followed
• Act as the primary point of escalation for complex or high-severity incidents
• Conduct regular team reviews, shift handovers, and post-incident retrospectives

AI-Augmented Detection & Response

• Champion the adoption of AI/ML tools for behavioural analytics, anomaly detection, and threat correlation — including Cyble's AI-powered threat intelligence platform
• Leverage Cyble Vision and Cyble's dark web intelligence feeds to enrich detection use cases and proactively identify emerging threats
• Integrate and tune AI-powered SIEM, SOAR, and EDR platforms to reduce false positives and improve detection fidelity
• Develop and maintain AI-assisted playbooks for automated triage and initial response actions
• Evaluate emerging AI security products and recommend adoptions aligned to the threat landscape
• Monitor AI model performance and ensure explainability and auditability of automated decisions

Threat Detection & Triage

• Oversee alert triage workflows, ensuring timely and accurate classification of security events
• Develop and maintain detection rules, correlation logic, and use cases across SIEM and XDR platforms
• Establish triage SLAs and quality benchmarks; regularly audit analyst triage accuracy
• Leverage threat intelligence feeds to continuously refine detection coverage and reduce dwell time

Incident Response

• Lead end-to-end incident response for critical and high-severity security incidents
• Coordinate containment, eradication, and recovery activities in line with the IR framework
• Produce clear, executive-level incident reports and root cause analyses (RCAs)
• Conduct post-incident reviews and drive lessons-learned into process and detection improvements
• Liaise with legal, compliance, and external stakeholders during significant breaches

Process Improvement & Reporting

• Define and track key SOC metrics (MTTD, MTTR, false positive rates, coverage gaps)
• Continuously refine and document SOC runbooks, playbooks, and standard operating procedures
• Prepare regular reporting for CISO and board-level audiences on SOC posture and key incidents
• Drive automation initiatives to improve analyst efficiency and reduce manual workload

What You’ll Need:

Experience

• 5–7 years of progressive cybersecurity experience, with at least 2 years in a SOC leadership or senior analyst role
• Proven hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, IBM QRadar)
• Strong background in incident response, digital forensics, and threat hunting
• Experience integrating or operating AI/ML-powered security tools (UEBA, NDR, AI-assisted SOAR)

Technical Skills

• Deep understanding of attack frameworks: MITRE ATT&CK, Cyber Kill Chain, Diamond Model
• Proficiency in network forensics, log analysis, and endpoint investigation techniques
• Hands-on experience with SOAR platforms (e.g., Palo Alto XSOAR, Splunk SOAR, Microsoft Sentinel Playbooks)
• Working knowledge of cloud security monitoring (AWS, Azure, GCP) and cloud-native threat detection
• Scripting ability in Python, PowerShell, or KQL for automation and detection rule development
• Familiarity with threat intelligence platforms

Soft Skills & Leadership

• Exceptional communication skills — able to translate technical findings to non-technical executives
• Strong analytical thinking and ability to make sound decisions under pressure
• Proven ability to build, coach, and retain high-performing security teams
• Collaborative mindset with cross-functional stakeholders, including IT, Legal, and Risk

BONUS POINTS IF YOU HAVE:

• Industry certifications: CISSP, CISM, GCIA, GCIH, GDAT, CEH, Microsoft SC-200, or equivalent
• Hands-on experience with Cyble Vision, Cyble CSPM, or equivalent AI-driven threat intelligence and attack surface management platforms
• Prior experience in a regulated industry (BFSI, healthcare, critical infrastructure)
• Familiarity with compliance frameworks: ISO 27001, NIST CSF, SOC 2, PCI-DSS
• Exposure to red team / purple team engagements and adversary simulation exercises
• Experience with deception technologies, honeypots, or active defence strategies

Interview Process

1. CV Shortlist by the Hiring Panel
2. Cognitive Assessment via a platform called Xobin - It’s a 50-minute assessment, which is a mandatory step in our recruitment process for all roles.
3. Panel Discussions - Typically a minimum of three rounds