Sr. Lead - SOC

Mumbai

About Us: Tata Digital is a future-ready company that focuses on creating consumer-centric, high-engagement digital products. By creating a holistic presence across various touchpoints, we aim to be the trusted partner of every consumer and delight them by powering a rewarding life. The company's debut offering, Tata Neu, provides an integrated rewards experience across various consumer categories like groceries, fashion and electronics, travel and hospitality, health and fitness, and financial services on a single platform. Founded in 2019, Tata Digital Private Limited is a wholly owned subsidiary of Tata Sons Private Limited.

Our Culture: We cultivate a culture of innovation, inclusion for all employees and respect their individual strengths, views, and experiences. We thrive on the diversity of our talent in all forms and see it as a strength in building high performance teams across brands. As we rewrite commerce in India, change is the only constant in our day to day lives.

Role Overview: SOC Lead will cover all aspects of SIEM engineering, Threat hunting and Incident response in Tata Digital Pvt Ltd. The Lead should have 10+ years of experience, a minimum of 3 years in SOC monitoring and 5 years in security engineering and threat hunting, new SIEM integrations, troubleshooting the existing integrations, use cases development, finetuning and automation. The responsibilities of this role will be to work on day-to-day engineering tasks that are related to SIEM. In parallel SOC lead will be assessing SOC team’s daily operations to ensure compliance.

Key Responsibilities:

SIEM Engineering:

Architect, and manage enterprise-grade cloud SIEM platform.
Develop and tune detection rules, correlation logic, dashboards, and alerts based on MITRE ATT&CK and threat intel.
Establish logging standards across the organisation.
Carry out new SIEM integrations, analyze the logs, identify the anomalies, identify use-cases and create detection rules for SIEM alerts.
Carry out finetuning, alerts enrichment, create playbooks for auto-remediation, carry out quality checks.
Carry out daily checks on SIEM log sources and act on the missing sources, provide daily dashboards of SIEM health.
Define and document incident response playbooks and standard operating procedures.
Communicating with key business units for making recommendations on mitigation and prevention techniques.
Contribute and/or drive special projects by providing expertise, guidance, and leadership.

SOC Leadership & Operations:

Lead Tier 1–3 analysts in triage, investigation, and incident response.
Build and maintain threat hunting procedures and playbooks. Identify stealth APT vectors in environment.
Conduct regular threat simulations to test detection capability.
Collaborate with incident response, red team, and compliance teams for unified security posture.
Prepare advisories for employees and technical teams about emerging threats.

Qualifications:

Technical know-how on the organization’s application, system, network and infrastructure.
Deep understanding of technologies and architecture in a highly scalable enterprise cloud network.
Good understanding of logging mechanisms of Windows, Linux, and MAC OS platforms, networking.
In-depth knowledge of architecture, engineering, and operations of cloud SIEM platforms.
Expertise in playbooks and Logic apps creation in SIEM.
Expertise in Threat hunting.
Good communication skills to coordinate among various stakeholders of the organization.
Python / Powershell Scripting skills for automation.