
Security Operations Center Architect

ThinkWise Consulting LLP

2 - 5 years

Hyderabad

Posted: 12/02/2026


Job Description

Role Summary

The SOC Architect is responsible for designing, evolving, and governing the Security Operations Center (SOC) architecture, ensuring effective threat detection, investigation, and response across on-prem, cloud, and hybrid environments.

Key Responsibilities

SOC Architecture & Design

Design and maintain end-to-end SOC architecture, including:

  • SIEM
  • SOAR
  • EDR/XDR
  • NDR
  • ITDR
  • Zero Trust
  • SASE
  • IAM
  • Cloud Security tools

  • Define log onboarding strategy, data normalization, and correlation models
  • Architect use-case driven detection frameworks aligned with MITRE ATT&CK
  • Design multi-tenant SOC architecture (for MSSP environments)

Detection & Response Strategy

  • Lead use case development, tuning, and lifecycle management
  • Define alert severity, triage models, and escalation workflows
  • Integrate automation and orchestration (SOAR) for response
  • Support AI SOC / Agentic AI SOC initiatives and roadmap

Governance, Risk & Compliance

  • Ensure SOC architecture aligns with:
      ◦ ISO 27001
      ◦ NIST CSF / 800-53
      ◦ RBI / SEBI / sector-specific regulations
  • Define logging, retention, and monitoring standards
  • Support audits, regulatory assessments, and customer assurance

Stakeholder & Presales Support

  • Act as SOC technical authority for customers and internal teams
  • Support presales, RFPs, and solution design workshops
  • Translate business risks into SOC technical controls
  • Guide SOC maturity assessments and transformation programs

Leadership & Mentorship

  • Provide technical leadership to SOC engineers and analysts
  • Review SOC runbooks, playbooks, and IR procedures
  • Drive continuous improvement and innovation


Required Skills & Experience

Core Skills

  • Strong experience with SIEM platforms (QRadar, Fortinet, Wazuh, etc.)
  • Hands-on with SOAR tools (Fortinet, Palo-Alto, etc.)
  • Deep understanding of:
      ◦ SOC workflows
      ◦ Incident response
      ◦ Threat hunting
  • Strong knowledge of MITRE ATT&CK

Security Domains

  • Endpoint Security (EDR/XDR)
  • Network Security (NDR, NBAD)
  • Identity Security (IAM, PAM, ITDR)
  • Cloud Security Monitoring
  • Threat Intelligence integration


Architecture & Integration

  • API-based integrations
  • Log pipelines & data engineering concepts
  • High availability and scalability design
  • Multi-tenant SOC design (preferred)
