Lead SOC Engineer
Kovan Technology Solutions
8 - 10 years
Chennai
Posted: 10/04/2026
Job Description
Work Experience: 9 to 15 Years
Work Timing: EST hours (US work timing)
Work Location: Chennai, Pune, Bangalore (work from office/hybrid)
Key Responsibilities:
1. Security Tool Engineering & Management
Lead the design, implementation, and maintenance of core security platforms, including SIEM, EDR or XDR, SOAR, and Threat Intelligence Platforms.
Develop and fine-tune SIEM correlation rules, dashboards, alerts, and integrate new log sources.
Manage and optimize EDR or MDR or Intune agents, ensure full coverage, and report and remediate tooling gaps.
Oversee Cisco Umbrella monitoring, alert response, URL policy configurations, and tuning.
Manage MDM or MAM or UEM platforms, including device enrollment, configuration, compliance, lifecycle, and app deployments.
Support and maintain MFA tooling (Cisco Duo) and implement SSO integrations for applications.
Perform certificate and public key infrastructure (PKI) administration.
2. Advanced Threat Detection, Monitoring & Hunting
Implement proactive threat hunting methodologies across endpoints, cloud, and network.
Conduct in-depth forensic analysis, log analysis, and packet analysis to detect sophisticated attacks.
Monitor and respond to SIEM and EDR alerts during 125 operations with on-call escalation for critical alerts.
3. Vulnerability & Patch Management Governance
Govern remediation activity from bi-weekly vulnerability scans and penetration tests.
Coordinate with IT for patch management compliance across operating systems and applications.
4. Email Security Engineering (Proofpoint or SPF or DKIM or DMARC)
Design, configure, and manage email security solutions to protect inbound or outbound mail.
Monitor Proofpoint alerts, tune filters, and manage DLP policies.
5. Device Security, Compliance & Enrollment
Manage device provisioning, enrollment, policy enforcement, and secure configuration baselines.
Oversee BYOD security, selective wipe, mobile application security, and compliance enforcement.
6. Incident Response & Governance
Lead incident triage, containment, eradication, and recovery actions.
Conduct root cause analysis and provide executive-level reporting.
7. Governance, SOP Development & Compliance
Create and maintain SOPs, KB articles, and documentation aligned to security frameworks.
Participate in annual security audits, assisting with evidence gathering and auditor engagement.
8. Security Awareness & Training (KnowBe4 Governance)
Oversee governance of KnowBe4 user awareness training, enrollment, and campaign assignments.
Track compliance, escalate per SOP, and generate training & phishing metrics.
Create awareness communications and align training with current threat trends.
9. Mentorship & Leadership
Contribute to the security program strategy, technology evaluations, and process improvements.
Conduct knowledge-sharing sessions and maintain internal training materials.
Required Qualifications:
Minimum 8 years of experience in security engineering, operations, or a similar role.
Strong background in incident response, threat hunting, and device security management.
Technical Skills:
Expert knowledge of security technologies including EDR, SIEM, MDM or UEM, MFA, PAM, DLP, and DNS filtering.
Strong understanding of NIST CSF, CIS Controls, and MITRE ATT&CK.
Soft Skills:
Excellent communication and documentation skills.
Strong analytical abilities and high attention to detail.
Ability to work in high-pressure environments and manage on-call escalations.
Collaborative mindset with the ability to work cross-functionally.
Education & Certifications:
Bachelor's degree or equivalent experience.
Good to have certifications: CISSP, GIAC (GCIH, GCFA, GCTI), OSCP, or tool-specific certifications (Splunk, Sentinel, CrowdStrike, Intune, Proofpoint, Zscaler, CyberArk, etc.)
