Lead - SOC Analyst

📋 Description

• • Own the end-to-end architecture and evolution of Freshworks’ global Security Operations Center, translating complex threat intelligence into cloud-native detection logic that protects millions of users across AWS, Azure, and 100+ SaaS applications.
• • Lead a high-performing pod of SOC analysts and junior engineers, providing hands-on mentorship in advanced log analysis, threat hunting, and incident response while fostering a culture of continuous experimentation with AI/ML-driven security automation.
• • Design, tune, and deploy detection rules in our SIEM and cloud-native security tooling, mapping every alert to MITRE ATT&CK tactics, techniques, and procedures (TTPs) so that coverage gaps are visible and measurable.
• • Engineer and maintain a library of reusable, version-controlled playbooks in Palo Alto Cortex XSOAR that cut mean-time-to-respond (MTTR) by automatically enriching alerts, isolating compromised hosts, and orchestrating cross-tool containment actions.
• • Build and validate supervised and unsupervised ML models that classify phishing campaigns, detect living-off-the-land techniques, and predict attacker lateral movement, then surface these insights to analysts through low-noise dashboards.
• • Drive “agentic analyst” initiatives—AI agents that triage alerts, correlate related incidents, draft executive summaries, and recommend next-best actions—freeing human analysts to focus on novel threats and strategic improvements.
• • Establish SOC BAU excellence: define SLAs/SLOs for alert triage, incident response, threat hunting, and threat-intel ingestion; instrument KPIs such as dwell time, false-positive rate, and playbook success rate; and present monthly metrics to C-level stakeholders.
• • Partner with DevOps, Cloud Engineering, and Product Security teams to embed security telemetry early in the SDLC, ensuring every microservice, container, and serverless function emits high-fidelity logs that feed our detection pipeline.
• • Continuously red-team your own detections by running purple-team exercises, adversary emulation plans, and chaos engineering drills, then iterate on gaps discovered during these simulations.
• • Stay ahead of the threat curve by attending conferences, contributing to open-source security projects, and publishing threat research that elevates Freshworks’ brand as a security thought leader.
• • Champion a blameless post-mortem culture where every missed alert or false positive becomes a learning opportunity that hardens our defenses and sharpens our skills.