Lead SOC Specialist

Hiring Remotely in Karpura, Bangalore, Karnataka, IND
Remote
Senior level
Healthtech • Pharmaceutical • Manufacturing
Thank you for your interest in joining Solventum. Solventum is a new healthcare company with a long legacy of solving big challenges that improve lives and help healthcare professionals perform at their best. At Solventum, people are at the heart of every innovation we pursue. Guided by empathy, insight, and clinical intelligence, we collaborate with the best minds in healthcare to address our customers’ toughest challenges. While we continue updating the Solventum Careers Page and applicant materials, some documents may still reflect legacy branding. Please note that all listed roles are Solventum positions, and our Privacy Policy: https://www.solventum.com/en-us/home/legal/website-privacy-statement/applicant-privacy/ applies to any personal information you submit. As it was with 3M, at Solventum all qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Job Description:

The Impact You’ll Make in this Role

As a Lead SOC Specialist on the Solventum Security Operations Center (SOC) team, you will provide operational leadership, ensure consistent execution of detection and response activities, and drive alignment across Security Operations, CIRT, and engineering teams. In this role, you will:

  • Lead day‑to‑day SOC operations, ensuring effective alert triage, event correlation, incident escalation, and workload distribution across the team.

  • Oversee complex investigations, coordinating efforts across SOC, CIRT, Security Engineering, Identity, Endpoint, Network, Cloud, and IT teams to ensure a timely, thorough, and well‑documented response.

  • Review and validate work produced by SOC analysts, providing coaching, technical feedback, and formal quality assurance to maintain high investigative standards.

  • Manage security vendor relationships, escalations, and operational engagements.

  • Own the development, approval, and continuous improvement of SOC procedures, runbooks, and operational playbooks.

  • Evaluate SOC performance metrics and operational trends to identify gaps, optimize workflows, and strengthen overall SOC maturity.

  • Participate in the assessment and selection of new SOC technologies, providing recommendations grounded in operational requirements and practical usability.

  • Drive cross-functional initiatives to improve detection logic, response workflows, and SOC tooling effectiveness.

  • Partner with Security Engineering to refine SIEM (Splunk) content, correlation rules, dashboards, and advanced analytics to enhance SOC visibility and decision making.

  • Oversee SOAR (Swimlane) automation strategies, ensuring playbooks align to operational goals, reduce analyst workload, and deliver consistent response actions.

  • Serve as a key operational SME and escalation point for SOC activities across the organization.

  • Represent SOC in cross-functional programs, security reviews, and enterprise-wide initiatives requiring operational security expertise.

Your skills & expertise (Minimum qualifications):

  • Bachelor’s degree or higher in Information Security, Information Technology, Computer Science, Engineering, or a related field, or equivalent experience.

  • 7+ years of experience in SOC operations, security monitoring, threat detection, or similar cybersecurity technical roles.

  • Advanced hands‑on experience with Splunk including queries, correlation rules, dashboards, and detection tuning.

  • Experience with Swimlane or other SOAR platforms, including playbook execution and workflow troubleshooting.

  • Deep understanding of SIEM/SOAR concepts, log analysis, alert triage, threat hunting, and security event correlation.

  • Strong understanding of attacker behavior, MITRE ATT&CK, threat vectors, and incident response workflows.

  • Experience with cloud threat detection and response (AWS, Azure, GCP).

  • Proven ability to lead complex investigations, guide analysts, and solve multi-layered problems requiring expert judgment.

  • Excellent written and verbal communication skills, with the ability to present findings to technical and non‑technical audiences.

  • Ability to work flexible hours, including evenings, nights, weekends, and participation in an after-hours on-call rotation to provide critical support coverage as needed.

Additional qualifications (Nice to have):

  • Industry certifications such as GCIA, GCIH, GCDA, GDAT, GCTI, GCFA, GSEC, Splunk, SOAR or equivalent.

  • Experience developing SIEM detections, threat hunting queries, automated response logic, or enrichment pipelines.

  • Experience with endpoint security tools, identity threat detection, or network security platforms.

  • Experience implementing agentic SOC capabilities.

  • Experience mentoring or coaching others in a SOC environment.

Work location: Bangalore - Hybrid


Solventum is committed to maintaining the highest standards of integrity and professionalism in our recruitment process. Applicants must remain alert to fraudulent job postings and recruitment schemes that falsely claim to represent Solventum and seek to exploit job seekers.

Please note that all email communications from Solventum regarding job opportunities with the company will be from an email with a domain of @solventum.com. Be wary of unsolicited emails or messages regarding Solventum job opportunities from emails with other email domains.

Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.

Solventum Global Terms of Use and Privacy Statement

Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at Solventum are conditioned on your acceptance and compliance with these terms.

Please access the linked document by clicking here. Before submitting your application you will be asked to confirm your agreement with the terms.

The Company
St. Paul, MN
6,539 Employees

What We Do

At Solventum, we enable better, smarter, safer healthcare to improve lives. We never stop solving for you
