SOC Lead/Manager

Location: Noida, India

Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of aerospace and space, cybersecurity and digital identity, we’re driven by a mission to build a future we can all trust.

Present in India since 1953, Thales is headquartered in Noida and has other operational offices and sites spread across Delhi, Gurugram, Bengaluru and Mumbai, among others. Over 2200 employees are working with Thales and its joint ventures in India. Since the beginning, Thales has been playing an essential role in India’s growth story by sharing its technologies and expertise in Defence, Aerospace and Cyber & Digital sectors. Thales has two engineering competence centres in India - one in Noida focused on Cyber & Digital business, while the one in Bengaluru focuses on hardware, software and systems engineering capabilities for both the civil and defence sectors, serving global needs. The Group has also established an MRO (Maintenance, Repair & Overhaul) facility in Gurugram to provide comprehensive avionics maintenance and repair services to Indian airlines and support the growth of the local aviation industry.

Job Summary:
As team lead of the Cybersecurity Analysts team, you will be in charge of :

• The analysts team
• The team organization
• That the processes are followed and well implemented
• Ensure that SLAs are met,
• Check the quality of the delivery team
• Manage meetings and handover shift with other detection teams (including Marocco)

Key Responsibilities:

•  Team Leadership & Management
  • Lead, mentor, and develop the team, fostering a culture of excellence, collaboration, and continuous improvement
  • Assign tasks, set priorities, and ensure timely and accurate incident handling
  • Conduct regular 1:1 meetings, performance reviews, and technical development discussions
• Incident Detection, Analysis & Response
  • Oversee the monitoring and analysis of security alerts from SIEM, EDR, and other security tools
  • Ensure in-depth quality analysis of security events to identify potential threats, false positives, or indicators of compromise (IOCs).
  • Validate and escalate high-severity incidents to Level 3 (L3) analysts or the CSIRT team as needed
• Follow The Sun Operations
  • Coordinate with global SOC teams to ensure seamless handover of ongoing incidents and knowledge sharing
  • Ensure continuous coverage across EMEA, APAC, and AMER time zones, including shift scheduling and resource allocation
  • Participate in global SOC meetings and contribute to the improvement of detection and response processes
• Process improvement & Reporting
  • Identify gaps in detection capabilities, SOC workflows, and playbooks; drive improvements and automation where possible
  • Develop and maintain SOC playbooks, runbooks, and standard operating procedures
  • Participate to the preparation and presentation of the reports on team performance, incident trends, metrics, and recommendations for management

Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field, or equivalent experience [to be adapated for India]
• 5+ years in a SOC, incident response, or cybersecurity analysis role, with at least 2 years in a leadership or team lead position
• Strong knowledge of cybersecurity principles, threat landscape, and security frameworks (e.g., NIST, ISO 27001)
• Expertise with at least one of the detection tools :
  • Splunk
  • Sekoia
  • EDR : MDE, S1
  • Network security devices
  • Etc..
• Familiarity with scripting languages (Python, PowerShell) is a plus
• Proven leadership and team management abilities.
• Excellent communication and presentation skills ; English fluent
• Strong analytical, problem-solving, and decision-making skills
• Ability to work under pressure, manage multiple priorities, and adapt to a fast-paced environment
• Certifications such as CISSP, CISM, CEH, GIAC, GCFA or CompTIA Security+ are an advantage

Working Conditions:

• Strong collaboration with SOC team located in Morocco
• Follow The Sun Model: Rotational shifts to cover 24/7 operations, including weekends and holidays as needed.
• Collaboration: Close interaction with L3 and CSIRT teams
• May require occasional on-call support or work outside regular hours during security incidents

At Thales, we’re committed to fostering a workplace where respect, trust, collaboration, and passion drive everything we do. Here, you’ll feel empowered to bring your best self, thrive in a supportive culture, and love the work you do. Join us, and be part of a team reimagining technology to create solutions that truly make a difference – for a safer, greener, and more inclusive world.