Niyuk

Navigation

Light mode
logo

AI SOC Lead

Cyble(Other)

Job Publish Date: 19 hours ago

Bengaluru, IndiaFull Time4 - 6 YearsWork From OfficeSource : Foundit

Job Description

About The Role

We are looking for a seasoned SOC Lead who can blend deep cybersecurity expertise with a forward-thinking approach to AI-driven detection and response. In this leadership role, you will be the linchpin between frontline analysts and executive stakeholders — driving operational excellence, championing AI/ML tooling, including Cyble's own intelligence platform, and ensuring threats are detected, triaged, and contained with speed and precision.

You will own the SOC's day-to-day operations while continuously elevating the team's capabilities through automation, threat intelligence, and a culture of continuous improvement.

What You'll Do At CYBLE

Leadership & Operations

  • Lead, mentor, and develop a team of SOC analysts (Tier 1–3), fostering a high-performance security culture
  • Oversee 24×7 SOC operations, ensuring coverage, SLA adherence, and escalation procedures are consistently followed
  • Act as the primary point of escalation for complex or high-severity incidents
  • Conduct regular team reviews, shift handovers, and post-incident retrospectives

AI-Augmented Detection & Response

  • Champion the adoption of AI/ML tools for behavioural analytics, anomaly detection, and threat correlation — including Cyble's AI-powered threat intelligence platform
  • Leverage Cyble Vision and Cyble's dark web intelligence feeds to enrich detection use cases and proactively identify emerging threats
  • Integrate and tune AI-powered SIEM, SOAR, and EDR platforms to reduce false positives and improve detection fidelity
  • Develop and maintain AI-assisted playbooks for automated triage and initial response actions
  • Evaluate emerging AI security products and recommend adoptions aligned to the threat landscape
  • Monitor AI model performance and ensure explainability and auditability of automated decisions

Threat Detection & Triage

  • Oversee alert triage workflows, ensuring timely and accurate classification of security events
  • Develop and maintain detection rules, correlation logic, and use cases across SIEM and XDR platforms
  • Establish triage SLAs and quality benchmarks; regularly audit analyst triage accuracy
  • Leverage threat intelligence feeds to continuously refine detection coverage and reduce dwell time

Incident Response

  • Lead end-to-end incident response for critical and high-severity security incidents
  • Coordinate containment, eradication, and recovery activities in line with the IR framework
  • Produce clear, executive-level incident reports and root cause analyses (RCAs)
  • Conduct post-incident reviews and drive lessons-learned into process and detection improvements
  • Liaise with legal, compliance, and external stakeholders during significant breaches

Process Improvement & Reporting

  • Define and track key SOC metrics (MTTD, MTTR, false positive rates, coverage gaps)
  • Continuously refine and document SOC runbooks, playbooks, and standard operating procedures
  • Prepare regular reporting for CISO and board-level audiences on SOC posture and key incidents
  • Drive automation initiatives to improve analyst efficiency and reduce manual workload

Experience

What You'll Need:

  • 4–6 years of progressive cybersecurity experience, with at least 2 years in a SOC leadership or senior analyst role
  • Proven hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, IBM QRadar)
  • Strong background in incident response, digital forensics, and threat hunting
  • Experience integrating or operating AI/ML-powered security tools (UEBA, NDR, AI-assisted SOAR)

Technical Skills

  • Deep understanding of attack frameworks: MITRE ATT&CK, Cyber Kill Chain, Diamond Model
  • Proficiency in network forensics, log analysis, and endpoint investigation techniques
  • Hands-on experience with SOAR platforms (e.g., Palo Alto XSOAR, Splunk SOAR, Microsoft Sentinel Playbooks)
  • Working knowledge of cloud security monitoring (AWS, Azure, GCP) and cloud-native threat detection
  • Scripting ability in Python, PowerShell, or KQL for automation and detection rule development
  • Familiarity with threat intelligence platforms

Soft Skills & Leadership

  • Exceptional communication skills — able to translate technical findings to non-technical executives
  • Strong analytical thinking and ability to make sound decisions under pressure
  • Proven ability to build, coach, and retain high-performing security teams
  • Collaborative mindset with cross-functional stakeholders, including IT, Legal, and Risk

Bonus Points If You Have

  • Industry certifications: CISSP, CISM, GCIA, GCIH, GDAT, CEH, Microsoft SC-200, or equivalent
  • Hands-on experience with Cyble Vision, Cyble CSPM, or equivalent AI-driven threat intelligence and attack surface management platforms
  • Prior experience in a regulated industry (BFSI, healthcare, critical infrastructure)
  • Familiarity with compliance frameworks: ISO 27001, NIST CSF, SOC 2, PCI-DSS
  • Exposure to red team / purple team engagements and adversary simulation exercises
  • Experience with deception technologies, honeypots, or active defence strategies

Key Skills

AI ML toolsCloud security monitoringEndpoint investigation techniquesLog Analysisnetwork forensicsSIEM platformsSOAR platformsThreat intelligence platforms

Maximize your interview chances

Create tailored professional resumes in minutes using AI

AI SOC Lead at Cyble | NiyukJobs