
Lead Information Security Engineer - SOC & Incident Response

PKF Algosmic Pvt Ltd

5 - 10 years

Pune

Posted: 17/02/2026


Job Description

Lead Information Security Engineer - SOC & Incident Response

JOB LOCATION: Pune, Maharashtra (Onsite - PKF SOC Office)

JOB SUMMARY: We are seeking an experienced SOC Lead to oversee the security operations for our enterprise clients. You will not only manage the detection and response lifecycle but also act as the primary technical advisor to the client's leadership. You will transition our SOC from a reactive monitoring state to a proactive Threat Hunting and Security Orchestration, Automation and Response (SOAR) model.

QUALIFICATIONS

Minimum Qualifications:

  • Education: Bachelor's degree in Engineering or Computer Science.
  • Experience: 5-8+ years in Information Security, with at least 2 years in a Senior or Lead SOC role.
  • Scripting & Automation: Proficiency in Python or PowerShell for automating security workflows (SOAR playbook creation).
  • Network Proficiency: Expert-level knowledge of TCP/IP, traffic analysis (Wireshark), and network forensics.
  • Cloud Security: Hands-on experience with cloud-native security tools (AWS GuardDuty, Azure Sentinel, or Google Chronicle).

Desired Qualifications:

  • Certifications: CISSP, CISM, GCIH (GIAC Certified Incident Handler), or CASP+.
  • Advanced Tech: Experience implementing SOAR platforms (e.g., Palo Alto XSOAR, Splunk Phantom) and EDR solutions (CrowdStrike, SentinelOne).
  • Frameworks: Working knowledge of NIST CSF, MITRE ATT&CK framework, and ISO 27001 compliance.

RESPONSIBILITIES AND JOB DESCRIPTION

You will report directly to the director and manage a team of L1/L2 analysts. Your core objective is to reduce the Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). You will be responsible for the architecture of the security monitoring solution and the quality of the incident response.

KEY RESPONSIBILITIES:

1. SOC Leadership & Strategy:

  • Team Management: Lead, mentor, and foster the growth of L1/L2 SOC analysts. Manage shift rosters and handovers to ensure 24/7 coverage.
  • Client Stakeholder Management: Act as the primary point of contact for the client, presenting monthly security reports, KPI metrics, and improvement roadmaps.
  • Playbook Development: Design and maintain Incident Response playbooks to ensure consistent and rapid handling of threats.

2. Advanced Monitoring & Incident Response:

  • Escalation Point: Serve as the final escalation point for critical security incidents (Ransomware, APTs, Data Exfiltration).
  • Threat Hunting: Conduct proactive threat hunting operations using hypothesis-driven approaches mapped to the MITRE ATT&CK framework.
  • Forensics: Perform root cause analysis (RCA) on major incidents and drive "lessons learned" sessions to patch process gaps.
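As an added illustration of the hypothesis-driven hunting described above (this is example code written for this page, not material from PKF Algosmic), the script below tests one hypothesis, "an attacker is guessing SSH passwords against our bastion" (MITRE ATT&CK T1110, Brute Force), against constructed sshd log lines. The log lines, hostnames, IPs and the threshold of five failures in sixty seconds are all assumptions chosen for the example; a real hunt would pull the same fields from the SIEM and tune the threshold to the environment.

```python
"""Hypothesis-driven hunt: SSH brute force (MITRE ATT&CK T1110).

Hypothesis: if an attacker is guessing passwords, we expect a burst of
'Failed password' events from one source IP inside a short window, possibly
followed by an 'Accepted ...' event from the same IP (the guess succeeded).
All sample data below is constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog-style sshd lines (assumed format; RFC 5737 test addresses).
SAMPLE_LOG = """\
Feb 17 09:12:01 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Feb 17 09:12:03 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 50124 ssh2
Feb 17 09:12:05 bastion sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Feb 17 09:12:08 bastion sshd[2205]: Failed password for invalid user oracle from 203.0.113.7 port 50131 ssh2
Feb 17 09:12:10 bastion sshd[2207]: Failed password for deploy from 203.0.113.7 port 50140 ssh2
Feb 17 09:12:12 bastion sshd[2209]: Accepted password for deploy from 203.0.113.7 port 50142 ssh2
Feb 17 09:15:44 bastion sshd[2301]: Failed password for alice from 198.51.100.20 port 41000 ssh2
Feb 17 09:15:50 bastion sshd[2302]: Accepted publickey for alice from 198.51.100.20 port 41002 ssh2
Feb 17 10:40:00 bastion sshd[2500]: Failed password for bob from 192.0.2.9 port 39000 ssh2
Feb 17 11:40:00 bastion sshd[2501]: Failed password for bob from 192.0.2.9 port 39001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_line(line, year=2026):
    """Return a dict(ts, result, method, user, ip) for an sshd auth line, else None.
    syslog omits the year, so the caller supplies it (assumed 2026 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def hunt_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Each finding records the usernames tried and any later successful login
    from the same IP, which is the signal that separates a noisy scanner
    from a compromised account needing immediate response.
    """
    events = [e for e in (parse_auth_line(l) for l in lines) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["result"] == "Failed"]
        for i in range(len(failures)):
            window_end = failures[i]["ts"].timestamp() + window_seconds
            burst = [f for f in failures[i:] if f["ts"].timestamp() <= window_end]
            if len(burst) >= threshold:
                later_success = [e for e in evs
                                 if e["result"] == "Accepted" and e["ts"] > burst[-1]["ts"]]
                findings.append({
                    "ip": ip,
                    "technique": "T1110",
                    "failures": len(burst),
                    "users": sorted({f["user"] for f in burst}),
                    "followed_by_success": [(e["user"], e["method"]) for e in later_success],
                })
                break  # one finding per source IP is enough for triage
    return findings


if __name__ == "__main__":
    for finding in hunt_bruteforce(SAMPLE_LOG.splitlines()):
        print(finding)
```

The two slow failures from 192.0.2.9 an hour apart do not trip the window, which is the point of stating the hypothesis precisely before querying: the hunt looks for the burst-then-success pattern, not for every failed login. Once a hypothesis like this proves useful it becomes a candidate SIEM rule.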

3. Engineering & Automation:

  • SIEM Engineering: Go beyond monitoring; oversee the tuning of SIEM rules (Splunk/QRadar/Sentinel) to reduce false positives.
  • SOAR Implementation: Integrate disparate security tools using APIs to automate repetitive tasks (e.g., auto-blocking an IP on the firewall, isolating an infected host via EDR).

4. Audit & Compliance:

  • Audit Readiness: Ensure the client environment remains compliant with regulatory standards (GDPR, RBI Cyber Security Framework, etc.) by maintaining rigorous logs and audit trails.
  • Vulnerability Management: Oversee the vulnerability assessment lifecycle, prioritizing patches based on active threat intelligence rather than just CVSS scores.
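As an added example of the threat-informed prioritisation mentioned above (example code written for this page, not PKF Algosmic's own tooling), the script below ranks a constructed set of findings two ways: by raw CVSS score, and by a score that multiplies CVSS by evidence of active exploitation and by how exposed the asset is. The CVE identifiers, hosts, exposure tiers and weights are placeholders chosen for the illustration; in practice the exploited set would come from a feed such as CISA's Known Exploited Vulnerabilities catalog and the exposure tier from the asset inventory.

```python
"""Threat-informed patch prioritisation versus CVSS-only ordering.

Sample findings, the 'actively exploited' set and the weights are constructed
for this example; the CVE IDs are placeholders, not real advisories.
"""
from dataclasses import dataclass

# Assumed threat-intel input: CVEs with evidence of in-the-wild exploitation.
ACTIVELY_EXPLOITED = {"CVE-0000-1111", "CVE-0000-3333"}

# Assumed exposure tiers from the asset inventory and their weights.
EXPOSURE_WEIGHT = {"internet": 3.0, "dmz": 2.0, "internal": 1.0, "isolated": 0.5}

EXPLOITED_FACTOR = 4.0  # assumed: exploited CVEs outrank unexploited ones of any severity


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float
    exposure: str


def priority_score(f, exploited=ACTIVELY_EXPLOITED):
    """CVSS (0-10) scaled by exploitation evidence and asset exposure.
    A known-exploited medium on an internet-facing host therefore outranks an
    unexploited critical on an isolated host."""
    if f.exposure not in EXPOSURE_WEIGHT:
        raise ValueError(f"unknown exposure tier {f.exposure!r} for {f.host}")
    factor = EXPLOITED_FACTOR if f.cve in exploited else 1.0
    return round(f.cvss * factor * EXPOSURE_WEIGHT[f.exposure], 1)


def by_cvss(findings):
    """The naive ordering: highest CVSS first."""
    return [f.host for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def by_threat(findings, exploited=ACTIVELY_EXPLOITED):
    """Threat-informed ordering: highest priority score first."""
    return [f.host for f in sorted(findings,
                                   key=lambda f: priority_score(f, exploited),
                                   reverse=True)]


# Constructed sample findings.
SAMPLE_FINDINGS = [
    Finding("db-01", "CVE-0000-2222", 9.8, "isolated"),
    Finding("web-01", "CVE-0000-1111", 6.5, "internet"),
    Finding("vpn-01", "CVE-0000-3333", 7.2, "internet"),
    Finding("hr-pc-07", "CVE-0000-4444", 8.1, "internal"),
]

if __name__ == "__main__":
    print("CVSS only :", by_cvss(SAMPLE_FINDINGS))
    print("Threat-led:", by_threat(SAMPLE_FINDINGS))
    for f in by_threat(SAMPLE_FINDINGS):
        finding = next(x for x in SAMPLE_FINDINGS if x.host == f)
        print(f"{finding.host:9} {finding.cve} score={priority_score(finding)}")
```

With these inputs the CVSS-only queue would patch the isolated database first and the exploited, internet-facing VPN flaw third; the threat-led queue inverts that, which is the behaviour the responsibility above asks for. The weights are a policy decision to agree with the client, not a constant to hard-code.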
