SOC Lead
Cyble
Bengaluru, Karnataka, India
Posted on Apr 12, 2026
About The Role
We are looking for a seasoned SOC Team Lead who can blend deep cybersecurity expertise with a forward-thinking approach to AI-driven detection and response. In this leadership role, you will be the linchpin between frontline analysts and executive stakeholders — driving operational excellence, championing AI/ML tooling, including Cyble's own intelligence platform, and ensuring threats are detected, triaged, and contained with speed and precision.
You will own the SOC's day-to-day operations while continuously elevating the team's capabilities through automation, threat intelligence, and a culture of continuous improvement.
What You'll Do At CYBLE
Leadership & Operations
- Lead, mentor, and develop a team of SOC analysts (Tier 1–3), fostering a high-performance security culture
- Oversee 24×7 SOC operations, ensuring coverage, SLA adherence, and escalation procedures are consistently followed
- Act as the primary point of escalation for complex or high-severity incidents
- Conduct regular team reviews, shift handovers, and post-incident retrospectives
- Champion the adoption of AI/ML tools for behavioural analytics, anomaly detection, and threat correlation — including Cyble's AI-powered threat intelligence platform
- Leverage Cyble Vision and Cyble's dark web intelligence feeds to enrich detection use cases and proactively identify emerging threats
- Integrate and tune AI-powered SIEM, SOAR, and EDR platforms to reduce false positives and improve detection fidelity
- Develop and maintain AI-assisted playbooks for automated triage and initial response actions
- Evaluate emerging AI security products and recommend adoptions aligned to the threat landscape
- Monitor AI model performance and ensure explainability and auditability of automated decisions
- Oversee alert triage workflows, ensuring timely and accurate classification of security events
- Develop and maintain detection rules, correlation logic, and use cases across SIEM and XDR platforms
- Establish triage SLAs and quality benchmarks; regularly audit analyst triage accuracy
- Leverage threat intelligence feeds to continuously refine detection coverage and reduce dwell time
- Lead end-to-end incident response for critical and high-severity security incidents
- Coordinate containment, eradication, and recovery activities in line with the IR framework
- Produce clear, executive-level incident reports and root cause analyses (RCAs)
- Conduct post-incident reviews and drive lessons-learned into process and detection improvements
- Liaise with legal, compliance, and external stakeholders during significant breaches
- Define and track key SOC metrics (MTTD, MTTR, false positive rates, coverage gaps)
- Continuously refine and document SOC runbooks, playbooks, and standard operating procedures
- Prepare regular reporting for CISO and board-level audiences on SOC posture and key incidents
- Drive automation initiatives to improve analyst efficiency and reduce manual workload
What You’ll Need:
- 5–7 years of progressive cybersecurity experience, with at least 2 years in a SOC leadership or senior analyst role
- Proven hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, IBM QRadar)
- Strong background in incident response, digital forensics, and threat hunting
- Experience integrating or operating AI/ML-powered security tools (UEBA, NDR, AI-assisted SOAR)
- Deep understanding of attack frameworks: MITRE ATT&CK, Cyber Kill Chain, Diamond Model
- Proficiency in network forensics, log analysis, and endpoint investigation techniques
- Hands-on experience with SOAR platforms (e.g., Palo Alto XSOAR, Splunk SOAR, Microsoft Sentinel Playbooks)
- Working knowledge of cloud security monitoring (AWS, Azure, GCP) and cloud-native threat detection
- Scripting ability in Python, PowerShell, or KQL for automation and detection rule development
- Familiarity with threat intelligence platforms
- Exceptional communication skills — able to translate technical findings to non-technical executives
- Strong analytical thinking and ability to make sound decisions under pressure
- Proven ability to build, coach, and retain high-performing security teams
- Collaborative mindset with cross-functional stakeholders, including IT, Legal, and Risk
- Industry certifications: CISSP, CISM, GCIA, GCIH, GDAT, CEH, Microsoft SC-200, or equivalent
- Hands-on experience with Cyble Vision, Cyble CSPM, or equivalent AI-driven threat intelligence and attack surface management platforms
- Prior experience in a regulated industry (BFSI, healthcare, critical infrastructure)
- Familiarity with compliance frameworks: ISO 27001, NIST CSF, SOC 2, PCI-DSS
- Exposure to red team / purple team engagements and adversary simulation exercises
- Experience with deception technologies, honeypots, or active defence strategies