- Lead and manage 24x7 SOC operations and security monitoring activities.
- Develop and implement SOC processes, procedures, and operational metrics.
- Ensure timely triage, analysis, escalation, and resolution of security incidents.
- Drive operational excellence through process optimization and automation.
- Manage SOC analysts, incident responders, and threat hunters.
- Lead cyber incident response activities for security breaches, malware, ransomware, phishing, insider threats, and advanced persistent threats (APTs).
- Coordinate containment, eradication, recovery, and post-incident reviews.
- Develop and maintain Incident Response Plans, Playbooks, and Runbooks.
- Conduct root cause analysis and lessons learned exercises.
- Collaborate with legal, compliance, IT, and executive leadership during major incidents.
- Build and mature proactive threat hunting capabilities.
- Develop threat-hunting hypotheses based on intelligence and adversary tactics.
- Perform endpoint, network, cloud, and log-based threat hunting activities.
- Identify stealthy threats, attacker behaviors, and indicators of compromise (IOCs).
- Recommend detection improvements from hunting findings.
- Establish and manage Cyber Threat Intelligence (CTI) programs.
- Analyze emerging threats, adversary tactics, techniques, and procedures (TTPs).
- Integrate threat intelligence feeds into SOC operations and SIEM platforms.
- Produce actionable intelligence reports for technical and leadership teams.
- Track global threat actors, vulnerabilities, and industry-specific cyber risks.
- Design, implement, and continuously improve threat detection use cases.
- Develop SIEM detection rules, correlation searches, and analytics.
- Tune alerts to reduce false positives and improve detection effectiveness.
- Map detections to MITRE ATT&CK framework.
- Work with threat hunters and incident responders to enhance visibility and detection coverage.
- Manage SIEM, EDR, NDR, SOAR, and Threat Intelligence platforms.
- Ensure log onboarding, normalization, and retention requirements are met.
- Monitor cloud, endpoint, network, and application security events.
- Drive automation and orchestration initiatives to improve SOC efficiency.
- Support compliance frameworks such as ISO 27001, NIST CSF, PCI DSS, CIS Controls, SOC2, and GDPR.
- Report cybersecurity posture, KPIs, KRIs, and incident trends to senior management.
- Participate in audits, assessments, and regulatory reviews.
- Mentor and develop SOC analysts and cybersecurity professionals.
- Conduct performance reviews and training programs.
- Build career development and succession plans within the SOC team.
- Foster a culture of continuous learning and operational excellence.
- 8+ years of Cybersecurity experience.
- 3–5+ years of SOC leadership or managerial experience.
- Experience managing enterprise SOC environments and incident response engagements.
- Experience with cloud security monitoring and multi-cloud environments preferred.
- SIEM: Microsoft Sentinel, Splunk, QRadar, ArcSight, LogRhythm
- EDR/XDR: Microsoft Defender, CrowdStrike, SentinelOne, Carbon Black
- SOAR: Palo Alto XSOAR, Splunk SOAR, Microsoft Sentinel Automation
- Threat Intelligence Platforms (TIP)
Network Security, IDS/IPS, Firewall
Skills Required
- 8+ years of cybersecurity experience
- 3-5+ years of SOC leadership or managerial experience
- Experience managing enterprise SOC environments and incident response engagements
- Experience with cloud security monitoring and multi-cloud environments
- SIEM experience (Microsoft Sentinel, Splunk, QRadar, ArcSight, LogRhythm)
- EDR/XDR experience (Microsoft Defender, CrowdStrike, SentinelOne, Carbon Black)
- SOAR experience (Palo Alto XSOAR, Splunk SOAR, Microsoft Sentinel Automation)
- Threat Intelligence Platform (TIP) experience
- Network security experience including IDS/IPS and firewalls
What We Do
KPMG entities in India are established under the laws of India and are owned and managed (as the case may be) by established Indian professionals. Established in September 1993, the KPMG entities have rapidly built a significant competitive presence in the country. Today we operate from offices across 14 cities including in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities have a domestic client base of over 2700 companies. Our global approach to service delivery helps provide value-added services to clients. Our differentiation is derived from a rapid performance-based, industry-tailored and technology-enabled business advisory services delivered by some of the leading talented professionals in the country. KPMG professionals are grouped by industry focus and our clients are able to deal with industry professionals who speak their language. Our internal information technology and knowledge management systems enable the delivery of informed and timely business advice to clients.








