Incident Manager

The Security Operations & Incident Response professional will be responsible for orchestrating enterprise-wide incident response strategies across both OT and IT environments. The role demands deep operational expertise, the ability to coordinate with threat intelligence, forensics, red/blue teams, and the vision to continuously evolve detection and response capabilities in line with emerging threats. The role demands leadership in defending critical infrastructure, industrial networks, and enterprise systems.

• Lead and manage triage activities
• Lead post-incident RCA reviews, reporting, and feedback loops to enhance readiness
• Drive detection engineering efforts to improve alert quality, correlation logic, and MITRE ATT&CK mapping
• Ensure tight integration between SOC operations, threat intelligence, DFIR, and red/blue teams
• Oversee real-time incident handling, escalation management, and response coordination for cyber threats, breaches, and anomalies
• Design and maintain incident response runbooks, playbooks, SLA matrices, and crisis communication protocols
• Manage relationships with OEMs, MSSPs, and security product vendors for technology alignment
• Ensure compliance with security and privacy standards (e.g., NIST, IEC 62443, ISO 27001, DPDP Act)
• Act as the primary escalation point during high-severity incidents, ensuring containment and rapid resolution
• Mentor SOC managers, team leads, and analysts to build a resilient and responsive operations team
• Implement continuous improvement programs in MTTR, false positive reduction, and analyst productivity
• Consulting firms with cyber defence practices (e.g., Big 4)

• Strategic thinker with an operations-first mindset and execution rigor
• Calm, decisive, and clear-headed in crisis and high-pressure scenarios
• Deep expertise in SIEM (e.g., Splunk, QRadar, LogRhythm, SentinelOne), SOAR platforms, EDR/XDR tools, threat intelligence platforms
• Bachelor’s or Master’s in Cybersecurity, Computer Science, or Engineering
• Proven ability to lead multi-location teams with cultural sensitivity and high performance
• Preferred certifications: CISSP, CISM, GCIA, GCIH, or SOC-related credentials
• Strong stakeholder engagement and communication skills across technical and executive levels
• Continuous learner with a growth mindset and passion for cybersecurity excellence
• OT and IT OEMs
• Familiarity with OT SOC environments, ICS protocol detection (Modbus, DNP3), and industrial anomaly detection tools (e.g., Nozomi, Claroty)
• 12 + years of cybersecurity experience, with at least 6 years in SOC/IR leadership roles
• Familiarity with MITRE ATT&CK, cyber kill chain, and threat hunting techniques
• Strong knowledge of network security, log analysis, endpoint telemetry, and OT-specific telemetry correlation
• Scripting and automation exposure (Python, PowerShell, Bash) preferred
• Experience managing global SOC operations or OT-specific cyber operations is a strong plus
• Knowledge of OT security architectures including SCADA, PLCs, DCS, and OT network segmentation