Lead SIEM Engineer/ SOC Engineering Lead

Experience Range: 9-14 Years

Location: Bangalore

About You:

  • The successful candidate will be a passionate information security professional able to communicate with business and IT leaders at every level.
  • The candidate will demonstrate drive, intelligence, maturity, and energy, and will have a proven commitment to information security.
  • The ideal candidate thrives in a fast-paced environment and has a strong preference for technical, hands-on work. They should also have a keen aptitude for mentoring and coordinating other engineers, improving team performance and cohesion.
  • The candidate will bring a customer-focused mindset, taking a consultative approach to understanding and meeting client needs, so that every interaction delivers a high standard of service and support.

Key responsibilities

  • Provide leadership and supervision to the SOC Engineering team ensuring tasks and projects are organised and completed to a high standard.
  • Deploy and configure Microsoft Sentinel solutions for our customers, in support of enabling our Managed SOC services.
  • Interact with customers and technical service leads to understand their business challenges and desired outcomes.
  • Develop technical solutions to automate repeatable tasks, including Sentinel Workbooks and Logic Apps.
  • Research, design, and implement cyber security solutions including but not limited to the Microsoft Security stack.
  • Drive the review and update of client supporting documentation such as cyber security policies, architectures, standards, and playbooks.
  • Conduct ongoing research into the threat landscape, including threat actors and their TTPs, and develop analytics rules, incident response actions, investigation strategies and tooling from it.
  • Support the SOC team in investigating and responding to client cyber security incidents, taking an active role in incident response management.
  • Ensure each customer’s operational health is maintained and respond to all platform requests within agreed SLAs.
  • Liaise with Account Managers across the business and assist with the presentation of SOC Monitor technology demonstrations to both current and prospective customers.

Required skills:

  • Outstanding written and verbal communication skills in English, essential for effective collaboration and client engagement.
  • Substantial experience in a customer-facing role, effectively communicating with diverse stakeholder groups.
  • Demonstrated leadership in managing and guiding technical teams.
  • Extensive experience within a Managed Security Service Provider (MSSP) environment.
  • Advanced proficiency in SIEM, EDR, and EPP, with technical expertise in solutions including Microsoft Sentinel, Elastic, and CrowdStrike Falcon.
  • Expertise in creating, tuning, and managing SIEM analytics rules to optimise threat detection and response, keeping security monitoring both effective (low false-negative rate) and efficient (low false-positive rate).
  • A robust understanding of query and scripting languages such as KQL, Python and PowerShell, and of regular expressions.
  • Significant experience in leading responses to major security incidents.
  • Comprehensive knowledge of Windows, Linux, and cloud technologies, particularly Microsoft Azure and Office 365.
  • Proven ability in analysing complex data, making strategic recommendations, and presenting findings to client and management teams as part of continuous service improvement initiatives.
  • Detailed understanding of attack vectors, skilled in distinguishing between normal and anomalous activities, and adept at recommending countermeasures and remediation strategies.
  • Experience collaborating with penetration testers and Red Team members in conducting Purple Teaming events.

Requirements

  • Degree in Computer Science, Information Security, or a related field – Must have.
  • SC-200 Microsoft Security Operations Analyst – Must have.
  • AZ-500 Microsoft Azure Security Technologies – Must have.
  • SC-100 Microsoft Cybersecurity Architect – Highly desirable.
  • CompTIA Security+ SY0-601 – Desirable.
  • Certified Ethical Hacker (CEH) – Desirable.
  • GIAC Security Essentials (GSEC) – Desirable.
  • GIAC Certified Incident Handler (GCIH) – Desirable.

Resillion

Resillion is a global company with end-to-end capabilities in cyber security, testing of digital media content, and quality assurance.
