Infosec - Technical Lead

Hyderabad, India

Zoetis

Zoetis is the largest global animal health company committed to nurturing the world and humankind by advancing care for animals.


Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock.

Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.

At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.

The ZICC Information Security (InfoSec) Technical Lead is responsible for delivering critical security functions, including Security Operations, Vulnerability Management, Threat Intelligence, Data Protection, Security Awareness, and Operational Technology (OT) security at the Zoetis India Capability Center (ZICC). As a hands-on technical expert, this role provides leadership in security operations and engineering, collaborating with a team of 25-30 security professionals to implement, optimize and continuously enhance security initiatives in alignment with global strategies and business needs.

This role emphasizes technical execution across threat detection, incident response, and risk mitigation activities. Key responsibilities include managing and remediating security incidents, refining threat intelligence workflows, enhancing proactive security scanning, and advancing security monitoring, automation, and enterprise defense capabilities. The technical lead will work closely with IT, business teams, and manufacturing environments, providing in-depth technical expertise to support service leads in executing security initiatives, assessing risks, and strengthening data protection frameworks. The technical lead ensures Zoetis's security capabilities remain resilient against evolving cyber threats while maintaining alignment with business objectives and regulatory compliance. This role reports directly to the ZICC Information Security Program Lead and plays a key role in advancing the organization's global cybersecurity posture through collaborative execution and technical leadership.

POSITION RESPONSIBILITIES

• Review and oversee 24/7/365 SOC operations, ensuring efficient threat detection, triaging, response, and remediation. Collaborate closely with Threat Intelligence, Vulnerability Management, and Incident Response teams to proactively mitigate emerging threats and vulnerabilities.
• Provide hands-on leadership to a team of L1 and L2 security analysts and engineers, mentoring them in technical execution, incident analysis, and security tooling optimization to drive operational excellence across Security Operations, Vulnerability Management, and Data Protection.
• Develop and maintain security reporting, KPIs, and dashboards for senior leadership, providing technical insights into SOC, Vulnerability Management, DLP, CASB, OT Security, and Threat Intelligence performance while continuously identifying areas for improvement.
• Lead all technical aspects of security incident investigations within the SOC, ensuring rapid containment, remediation, and recovery while working in collaboration with Threat Intelligence, OT Security, and DLP teams to mitigate risks across IT and OT environments.
• Conduct root cause analysis and forensic investigations, working with the IR/SOC team to refine detection methodologies, improve response workflows, and prevent future security incidents.
• Develop and enhance security policies, procedures, and playbooks, focusing on standardizing technical operations across Security Operations, Data Protection, Vulnerability Management, and OT Security, ensuring alignment with industry best practices.
• Oversee the deployment, integration, and continuous tuning of security technologies such as SIEM, EDR, SOAR, and DLP/CASB, ensuring optimal configuration to support threat detection, response, and data protection initiatives.
• Enhance SIEM content development, creating high-fidelity alerts that align with SOC, Threat Intelligence, and OT Security objectives, while optimizing alert tuning and reducing false positives.
• Ensure effective log ingestion, correlation, and analysis from critical infrastructure, applications, cloud, and OT environments, enabling SOC teams to detect and respond to threats effectively.
• Lead technical integrations between SIEM, EDR, SOAR, threat intelligence platforms, and DLP solutions, improving automated response, security visibility, and data protection measures.
• Drive vulnerability scanning initiatives, collaborating with the Vulnerability Management lead to integrate findings into threat detection, risk mitigation, and remediation workflows.
• Identify and implement automation opportunities, optimizing SOC workflows, security awareness, and remediation through SOAR and automation frameworks.
• Improve threat hunting methodologies and detection engineering, leveraging insights from Threat Intelligence and SOC teams to enhance detection efficacy and response times.
• Ensure seamless coordination with Threat Intelligence teams, integrating intelligence feeds into SIEM, SOAR, and EDR platforms to proactively detect and defend against emerging threats.
• Collaborate with Zoetis leads and external vendors to conduct red/purple team exercises and tabletop simulations, working with SOC and Vulnerability Management teams to strengthen detection, response, and overall security preparedness.
• Support Security Awareness initiatives, partnering with the Security Awareness team to drive phishing simulations, targeted security training, and awareness campaigns to improve end-user security behavior.
• Work closely with IDAM, IT, Infrastructure, Cloud, and Networking teams to integrate security controls, enhance vulnerability remediation, and embed security best practices into system architecture and operations.
• Evaluate and recommend new security tools and technologies, assessing their technical impact on SOC, Vulnerability Management, Threat Intelligence, and Data Protection strategies while ensuring seamless integration with existing security operations.

ORGANIZATIONAL RELATIONSHIPS

• Take direction from the ZICC-based InfoSec Program Lead and the US-based Head of Information Security
• Close interaction with the US-based InfoSec team
• Part of the global Technology Risk Management organization, reporting to the CISO
• Interacting with ZTD Infrastructure teams, especially Platform Services, IT Service Desk & Site Services, Global Network Services and Digital Workplace Services teams.
• Interacting with external vendors or partners who provide software, services, or APIs that need to be integrated with IDAM systems. This collaboration includes establishing integration requirements, negotiating contracts and facilitating technical integration.
• Work with implementation partners who may be responsible for deploying, configuring, or maintaining integrated solutions within the client's IT landscape.

Supervision
Approximately 25-30 ZICC colleague members of the InfoSec team.

EDUCATION AND EXPERIENCE
Education:
• A university degree in Computer Science, Information Systems, Business Administration, or a science-related field is required
• A Master’s degree or advanced security certifications (e.g., CISSP, CISM, CRISC) are desirable.
• Relevant certifications in infrastructure security and vendor tools, such as CrowdStrike, Palo Alto, Tenable, Symantec, Netskope, CASB etc., are highly preferred.

Experience:
• 13+ years of hands-on experience in Security Operations, security engineering, and security architecture, with a proven track record of leading complex security investigations, designing security monitoring frameworks, optimizing security operations at scale, and driving strategic improvements across SOC, Vulnerability Management, OT Security, DLP, and Security Awareness initiatives.
• Extensive expertise in security technologies, including SIEM, EDR, SOAR, and DLP solutions, with hands-on experience in CrowdStrike SIEM, CrowdStrike IDP, FireEye, Palo Alto, Tenable, Symantec DLP, Netskope, and other enterprise security platforms, ensuring seamless integration with SOC, OT Security, and Data Protection strategies.
• Advanced threat detection and incident response skills, including expertise in malware analysis, adversary emulation, and behavioral analytics to detect and mitigate sophisticated cyber threats across IT and OT environments.
• Experience leading Vulnerability Management initiatives, aligning scanning programs with SOC threat detection, risk mitigation, and remediation workflows, ensuring vulnerabilities are prioritized effectively based on threat intelligence and business impact.
• Hands-on experience in OT Security, collaborating with IT, Engineering, and Operations teams to secure industrial control systems (ICS), SCADA environments, and critical infrastructure, ensuring visibility, threat monitoring, and risk mitigation in alignment with SOC and Incident Response workflows.
• Strong background in Data Loss Prevention (DLP) strategy and implementation, integrating DLP policies and controls with SOC monitoring to detect and prevent data exfiltration, insider threats, and unauthorized access across endpoints, cloud, and email security solutions.
• Expertise in security awareness and phishing simulation programs, partnering with Security Awareness teams to drive ethical phishing campaigns, targeted training, and user behavior analytics to reduce overall risk.
• Experience collaborating with red/purple teams to validate and refine detection capabilities, develop custom detection rules, and improve defensive strategies through adversary simulation exercises that enhance SOC, OT Security, and DLP defenses.
• Strong background in threat intelligence integration, including IOC/IOA enrichment, threat modeling, and proactive threat detection based on MITRE ATT&CK, leveraging intelligence feeds to enhance SOC, OT, and vulnerability response capabilities.
• Deep proficiency in security automation, including designing and implementing SOAR workflows, automating vulnerability remediation processes, and leveraging API integrations to streamline SOC, DLP, and OT Security operations.
• Expert knowledge of log analysis and correlation, leveraging big data analytics techniques to extract meaningful security insights from large-scale log sources across IT, OT, cloud, and enterprise environments, ensuring effective SOC monitoring and incident response.
• Strong understanding of security policy, governance, and compliance frameworks, including ISO 27001, NIST, CIS, and industry-specific regulatory requirements, ensuring alignment with security, vulnerability management, and data protection best practices.
• Extensive experience managing security tool lifecycles, including policy tuning, rule development, agent deployment, and performance optimization for endpoint security, network security, OT security, and DLP solutions, ensuring alignment with enterprise risk management and security operations goals.
• Experience working in regulated industries (pharmaceutical, healthcare, manufacturing), with an understanding of unique security challenges, data protection regulations, and compliance requirements across SOC, OT Security, DLP, and Vulnerability Management disciplines.

TECHNICAL SKILLS REQUIREMENTS

• Expert-level ability to analyze and interpret complex security events across SOC, Vulnerability Management, OT Security and Threat Intelligence, correlating data from multiple security tools (SIEM, EDR, IDS/IPS, DLP, vulnerability scanners) to identify emerging threats, minimize false positives and enhance detection accuracy.
• Deep experience in security automation and orchestration (SOAR), including designing, deploying and optimizing automated incident response workflows, vulnerability remediation processes and data protection controls, improving operational efficiency across SOC, Vulnerability, OT Security, Security Awareness, Threat Intel and DLP.
• Proficiency in developing, tuning and maintaining threat detection rules, anomaly-based detections and behavioral analytics in SIEM and EDR platforms, ensuring high-fidelity alerting for SOC, OT Security and Threat Intelligence initiatives while reducing noise.
• Advanced knowledge of threat modeling, IOC/IOA management and adversary tactics (MITRE ATT&CK, Cyber Kill Chain), leveraging intelligence to strengthen proactive threat hunting, vulnerability prioritization and security awareness training efforts.
• Hands-on experience with incident response and forensic analysis, including triaging escalated incidents, root cause analysis, malware analysis and memory/network forensics, ensuring rapid containment and remediation across IT and OT environments.
• Expertise in log aggregation, parsing and correlation across enterprise and OT environments, leveraging advanced query languages (CrowdStrike KQL, Cribl) to optimize log ingestion, threat detection, vulnerability reporting and security awareness insights.
• Strong leadership in SOC governance and strategic planning, driving maturity across SOC, Threat Intelligence, and Vulnerability Management through KPI tracking, process improvements, and alignment with cybersecurity frameworks (e.g., NIST, CIS, ISO 27001).
• Deep understanding of identity-based threats, privileged access abuse, lateral movement detection and risk-based authentication, integrating these capabilities into SOC.
• Proven experience integrating security tools (SIEM, EDR, SOAR, Firewalls, Threat-Intel Feeds, DLP, vulnerability scanners) through APIs and automation frameworks, driving a more cohesive, proactive security posture across SOC, OT Security and Data Protection programs.
• Ability to assess and continuously improve SOC, Vulnerability and OT Security efficiency, optimizing incident response workflows, security playbooks, escalation protocols and collaboration processes across IT and security teams.
• Experience handling security tool lifecycle management, ensuring the availability, performance and continuous enhancement of SIEM, EDR, DLP, CASB and OT Security platforms, while driving operational efficiency and risk reduction.
• Strong leadership, coaching and mentorship abilities, with experience guiding global teams, upskilling analysts and fostering collaboration across SOC, Vulnerability Management, Threat Intelligence, Data Loss Prevention, Security Awareness and OT Security teams.
• Ability to thrive in high-pressure, mission-critical environments, leading security operations with resilience, precision and a proactive mindset to defend against evolving cyber threats.
• Deep understanding of threat modeling, IOC management, advanced detection techniques and how they intersect with security awareness programs to improve user education and response preparedness.
• Ability to work in a fast-paced, high-pressure environment, prioritizing SOC, Vulnerability and Data Loss Prevention tasks effectively to align with business risk and security objectives.
• Strong leadership and communication skills, with experience working in a global, matrixed organization, ensuring alignment across Security Operations, Threat Intelligence, Security Awareness, Vulnerability Management and Identity & Access Management (IDAM).
• Ability to foster cross-functional collaboration between security, IT, OT and business teams, ensuring a unified approach to threat detection, risk mitigation, identity governance and enterprise-wide security awareness.

PHYSICAL POSITION REQUIREMENTS

• Availability to work between 1pm and 10pm IST (minimum 3 hours of daily overlap with the US Eastern Time zone).

Full time
