Cybersecurity Lead – SIEM Architect

Movate

5 - 10 years

Bengaluru

Posted: 08/01/2026

Job Description

Job Title

Cybersecurity Lead L3

Tower: Cybersecurity Services

Service Line: Cybersecurity Services

Level: L3

Location: India (Chennai preferred; Bengaluru / Hyderabad acceptable)


Role Overview

The Cybersecurity Lead L3 is responsible for end-to-end leadership, governance, and technical oversight of the client's cybersecurity services, covering network security, endpoint protection, security monitoring, vulnerability management, and email security.

This role ensures cybersecurity operations are delivered in alignment with the NIST Cybersecurity Framework (CSF) and the agreed scope, leveraging Microsoft's security ecosystem to protect on-premises, cloud, and endpoint environments. The lead acts as the primary authority for cybersecurity operations, client engagement, and service assurance.


Key Responsibilities

1. Cybersecurity Operations Leadership (Aligned to NIST CSF)

  • Provide leadership and oversight across 24x7 cybersecurity operations, including SOC, EDR, firewall, vulnerability management, and email security.
  • Ensure services align to NIST CSF functions: Identify, Protect, Detect, Respond, and Recover.
  • Govern security operations across:
    • On-premises infrastructure
    • Azure cloud environments
    • End-user devices and VOIP assets
  • Act as the senior escalation point for cybersecurity-related issues.


2. Security Monitoring & SOC Governance

  • Govern 24x7 security monitoring across users, devices, applications, and infrastructure.
  • Ensure effective use of Microsoft analytics and threat intelligence to detect threats and minimize false positives.
  • Oversee real-time monitoring, alert triage, and confirmation of security incidents.
  • Ensure incidents and alerts are logged, tracked, and managed via ITSM tools.
  • Provide oversight and guidance to Tier-2 teams during investigation and resolution.


3. Endpoint Detection & Response (EDR) Oversight

  • Provide governance and technical oversight for endpoint security services, including:
    • Endpoint Detection & Response (EDR)
    • Antivirus and anti-malware platforms
  • Oversee:
    • EDR console administration
    • Policy configuration, tuning, and exception management
    • Endpoint agent rollout, coverage validation, and compliance reporting
  • Ensure endpoint security operations align with defined standards and business requirements.


4. Firewall & Network Security Governance

  • Govern firewall operations supporting network and VOIP security.
  • Ensure firewall platforms are:
    • Maintained and patched
    • Aligned with vendor security bulletins
    • Configured according to customer security requirements
  • Oversee firewall rule lifecycle management, security profiles, and configuration changes.
  • Ensure network security controls align with asset function and risk posture.


5. Vulnerability Management & Penetration Testing Oversight

  • Govern the vulnerability management program using industry-recognized platforms.
  • Ensure:
    • Regular scanning of Beacon assets
    • Risk-based prioritization of vulnerabilities
    • Timely remediation tracking and validation
  • Review vulnerability reports, trends, and remediation effectiveness.
  • Oversee configuration and coverage of vulnerability scanning platforms.
  • Ensure penetration testing and vulnerability remediation activities align with security objectives.


6. Managed Email Security (Microsoft Defender for Office 365)

  • Provide oversight for email security services using Microsoft Defender for Office 365.
  • Govern:
    • Anti-phishing policies
    • Safe Attachments and Safe Links configurations
    • Alerting and detection mechanisms
  • Ensure effective investigation of suspicious emails and phishing attempts.
  • Review threat trends and guide policy tuning to reduce risk.


7. Client Engagement, Reporting & Governance

  • Act as the senior cybersecurity point of contact for the client.
  • Deliver quarterly executive-level cybersecurity reports, linking security outcomes to:
    • Business uptime
    • Compliance posture
    • Cost optimization
  • Participate in governance forums, security reviews, and service discussions.
  • Ensure transparency, consistency, and confidence in cybersecurity service delivery.


8. Team Leadership & Service Enablement

  • Provide direction and guidance to L2 and L3 cybersecurity engineers.
  • Support onboarding, transition, and knowledge transfer activities.
  • Ensure strong documentation, SOPs, and audit readiness.
  • Promote standardization and continuous improvement across cybersecurity services.


Skills & Experience

Technical & Leadership Skills

  • Strong leadership experience across:
    • SOC operations
    • Endpoint security (EDR, AV)
    • Network security (firewalls)
    • Vulnerability management
    • Email security
  • Deep understanding of NIST Cybersecurity Framework (CSF).
  • Strong familiarity with Microsoft security ecosystem, including:
    • Microsoft Sentinel (advantage)
    • Microsoft Defender (Endpoint, Office 365)
  • Ability to translate cybersecurity risks into business-relevant insights.


Tools & Platforms (Aligned to Scope)

  • Microsoft Sentinel (advantage)
  • Microsoft Defender for Endpoint & Office 365
  • Endpoint security platforms (EDR/AV)
  • Firewall platforms
  • Vulnerability management tools
  • ITSM platforms for incident and alert management


Experience

  • 12+ years of experience in cybersecurity roles.
  • Prior experience in L3 / Lead cybersecurity positions.
  • Experience managing enterprise or managed SOC environments.
  • Exposure to regulated or compliance-driven environments is preferred.


Soft Skills & Behavioral Expectations

  • Strong leadership and governance mindset.
  • Clear, confident client-facing communication.
  • Structured decision-making aligned to risk and compliance.
  • High ownership for cybersecurity outcomes.
  • Collaborative working style across IT and business teams.


Working Model

  • Offshore delivery from India.
  • Alignment with client business hours for governance and reporting.
  • Escalation availability for significant security incidents.
  • Active involvement during transition and steady-state operations.
