Original listing text, shown exactly as published by the company.
Responsibilities
- Lead the end-to-end SOC alert workflow.
- Operationalize the Regular Incident Response Plan (IRP) and Major Incident Response Plan (MIRP) across teams.
- Own SOC tools and automation (with Google SecOps as the primary SIEM and SOAR, Google Threat Intelligence and Gemini AI integrations, and Jira as the authoritative system of record).
- Coordinate with our managed SOC provider (Tier 1) to ensure a low rate of false positives, high-quality triage, implementation of playbooks, clean escalations, and measurable MTTD/MTTR improvements.
- This is a hands-on leadership role: you will design workflows and playbooks, lead investigations and RCA for high-impact incidents, and mentor SOC Engineers and Analysts as we scale from a lean Phase 1 SOC (~2–3 FTE) to AI-enabled, mature operations.
- Own the SOC alert lifecycle: Alert Ingestion → Triage → Routing → Investigation → Determination → Reporting.
- Act as Major Incident Manager (MIM) for security event meetings.
- Ensure strict adherence to Perforce’s Incident Response Policies for regular incidents.
- Maintain the SOC Charter, operating model, and guardrails as per the Operationalization Plan. Own the SOC RACI and routing matrix across SOC, CloudOps, IT, Engineering, and the provider.
Tools, Telemetry & Automation
- Lead design, configuration, and continuous tuning of Google SecOps (Chronicle SIEM + SOAR + case management, with Google Threat Intelligence and Gemini integrations) as the primary detection and workflow platform.
- Design and implement automation to:
  - Enrich alerts (asset context, user context, historical activity).
  - Trigger Jira tickets and playbooks based on Google SecOps cases.
  - Support SLA monitoring and notifications (MTTR, remediation timeframes).
- Partner with Corporate Security on CI/CD and IaC security automation where incident workflows intersect with pipelines (e.g., auto-ticketing, auto asset tagging, config drift).
Playbooks, IRP/MIRP Implementation & Quality
- Define and own a core set of playbooks aligned to IRP/MIRP, covering:
  - Cloud misconfiguration / CSPM alerts.
  - Endpoint malware / suspicious activity.
  - Identity/credential compromise.
  - Application / product security alerts.
  - External threat reports via the Security Mailbox or any other threat feeds.
- Oversee the False Positives and Exceptions processes.
Metrics, Reporting & Continuous Improvement
- Own SOC KPIs and operational metrics.
- Produce and present the Monthly SOC Summary Report.
- Lead RCA and post-incident reviews.
- Champion a culture of continuous improvement.
Team Leadership & Stakeholder Management
- Act as day-to-day lead and senior escalation point for SOC Engineers and Analysts in Pune.
- Coach and mentor team members on process adherence and effective alert handling.
- Build strong partnerships with vendors, partners, and stakeholders. Serve as primary liaison with the Tier 1 provider.
Requirements
- Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or a related field.
- 8+ years of experience in Security Operations, Incident Response, or SOC roles, including:
  - 2+ years in a lead or senior engineer capacity.
  - Proven experience working with managed SOC providers.
- Deep hands-on experience with:
  - SIEM / security analytics platforms (Google SecOps / Chronicle strongly preferred, or equivalent).
  - Case and ticket workflows integrated with Jira or other ITSM platforms.
- Strong background in incident response aligned with NIST/ISO:
  - Demonstrable experience running containment, eradication, recovery, and post-incident RCA.
  - Experience coordinating Major Incidents involving multiple teams.
  - Cloud platform security (AWS, GCP, Azure) and their logging/monitoring stacks.
  - Endpoint security (Microsoft Defender or equivalent).
  - Common attacker TTPs across infrastructure, endpoints, and SaaS.
  - Hands-on experience with security automation (Python/Go/Ruby, SOAR, API-based integrations) and SIEM and SOAR tools (e.g., Google SecOps, Tenex, QRadar).
- Ability to interpret and operationalize written processes and RACI models.
Preferred Qualifications / Skills
- AI and Generative AI skills:
  - Building AI agentic workflows and orchestration.
  - Generative AI engineering (Google ecosystem) techniques such as Gemini-powered investigation, AI playbook development, and prompt engineering for security.
  - Using AI to correlate signals across the infrastructure.
  - AI red teaming, AI model monitoring, and cross-functional AI support.
- Certifications such as GCIA, GCED, GCIH, GCDA, GCFA, CISSP, CCSP, or similar.
- Experience in a global SaaS or multi-product organization. Prior experience leading or actively participating in SOC 2 or ISO 27001 audit evidence collection.