AGM Security Operations & Incident Response

Ahmedabad, Gujarat, India

Adani Group

Adani Group, a leading integrated business conglomerate enriching lives, creating sustainable value, and empowering India through #GrowthWithGoodness

  • Oversee real-time incident handling, escalation management, and response coordination for cyber threats, breaches, and anomalies 
  • Act as the primary escalation point during high-severity incidents, ensuring containment and rapid resolution 
  • Design and maintain incident response runbooks, playbooks, SLA matrices, and crisis communication protocols 
  • Lead and manage triage activities 
  • Ensure tight integration between SOC operations, threat intelligence, DFIR, and red/blue teams 
  • Drive detection engineering efforts to improve alert quality, correlation logic, and MITRE ATT&CK mapping 
  • Implement continuous improvement programs in MTTR, false positive reduction, and analyst productivity 
  • Lead post-incident RCA reviews, reporting, and feedback loops to enhance readiness 
  • Manage relationships with OEMs, MSSPs, and security product vendors for technology alignment 
  • Mentor SOC managers, team leads, and analysts to build a resilient and responsive operations team 
  • Ensure compliance with security and privacy standards (e.g., NIST, IEC 62443, ISO 27001, DPDP Act) 
  • Deep expertise in SIEM (e.g., Splunk, QRadar, LogRhythm, SentinelOne), SOAR platforms, EDR/XDR tools, threat intelligence platforms 
  • Strong knowledge of network security, log analysis, endpoint telemetry, and OT-specific telemetry correlation 
  • Familiarity with MITRE ATT&CK, cyber kill chain, and threat hunting techniques 
  • Knowledge of OT security architectures including SCADA, PLCs, DCS, and OT network segmentation 
  • Scripting and automation exposure (Python, PowerShell, Bash) preferred 
  • Familiarity with OT SOC environments, ICS protocol detection (Modbus, DNP3), and industrial anomaly detection tools (e.g., Nozomi, Claroty) 

Leadership & Personality Traits: 

  • Strategic thinker with an operations-first mindset and execution rigor 
  • Calm, decisive, and clear-headed in crisis and high-pressure scenarios 
  • Strong stakeholder engagement and communication skills across technical and executive levels 
  • Proven ability to lead multi-location teams with cultural sensitivity and high performance 
  • Continuous learner with a growth mindset and passion for cybersecurity excellence 

 

Preferred Industry Background: 

  • Large industrial conglomerates (Power, Ports, Renewables, Mining, Airports) 
  • OT and IT OEMs 
  • MSSPs, SOC service providers 
  • Consulting firms with cyber defence practices (e.g., Big 4) 
  • Bachelor’s or Master’s in Cybersecurity, Computer Science, or Engineering 
  • Preferred certifications: CISSP, CISM, GCIA, GCIH, or SOC-related credentials 
  • 12+ years of cybersecurity experience, with at least 6 years in SOC/IR leadership roles 
  • Experience managing global SOC operations or OT-specific cyber operations is a strong plus 

Tags: Automation Bash CISM CISSP Compliance Computer Science Cyber Kill Chain DFIR DNP3 EDR Forensics GCIA GCIH ICS IEC 62443 Incident response Industrial ISO 27001 Log analysis LogRhythm MITRE ATT&CK Modbus Network security NIST PowerShell Privacy Python QRadar SCADA Scripting SIEM SOAR SOC Splunk Threat intelligence XDR

Region: Asia/Pacific
Country: India
