Security Operations & Monitoring (Core Responsibility)
+Lead and operate the SOC function using:
- Microsoft Sentinel and/or Splunk as SIEM
- Microsoft Defender suite (Defender for Endpoint, Identity, Cloud, Office 365)
+Integrate and operate monitoring from:
- Infrastructure, cloud workloads, applications, and endpoints
- Grafana & Prometheus for infrastructure and service telemetry
+Define and maintain:
- SOC runbooks and incident playbooks
- Alert triage, escalation, and response workflows
+Ensure effective correlation between:
- Infrastructure metrics
- Security logs
- Application-level signals
Incident Response & Threat Handling
+Act as incident owner and commander for security incidents.
+Manage response to:
- Endpoint compromise
- Data leakage and insider threats
- Identity-based attacks (Azure AD / Entra ID)
- Cloud misconfiguration incidents
+Coordinate with:
- External vendors or MSSPs (if applicable)
- Infrastructure / Cloud / DevOps teams
+Lead post-incident RCA, lessons learned, and preventive action tracking.
Asset Management & Security Ticket Operations
+Own security-related asset inventory, including:
- End-user devices (managed via Microsoft Intune)
- Servers, VMs, cloud resources, and network devices
+Ensure asset lifecycle alignment with:
- Security classification
- Risk ownership
- ISO asset management controls
+Operate and govern:
- Security ticket queue (incident, vulnerability, audit findings)
- SLAs, escalation rules, and closure quality
+Integrate SOC alerts with:
- ITSM / ticketing systems (e.g., Jira, ServiceNow, Azure DevOps)
Vulnerability Management
+Own the vulnerability management lifecycle, including:
- Discovery, prioritization, remediation, and verification
+Operate vulnerability scanning tools across:
- Applications
- Endpoints
- Servers
- Cloud workloads
+Collaborate with DevOps teams using:
- SonarQube for code-level security and technical debt
- CI/CD pipelines to shift security left
+Track and report:
- Vulnerability aging
- Risk acceptance
- Remediation effectiveness
Endpoint, Identity & Zero Trust Security
+Enforce endpoint security using:
- Microsoft Intune (compliance, device health, conditional access)
- Microsoft Defender for Endpoint
+Oversee:
- MFA, Conditional Access, Privileged Identity Management (PIM)
- Identity & Access Management (Microsoft Entra ID)
+Align security operations with Zero Trust principles.
Cloud & Hybrid Security Operations
+Govern security posture for:
- Azure (primary)
- AWS / GCP (if applicable)
+Use Defender for Cloud and CSPM practices to:
- Monitor misconfigurations
- Track compliance posture
+Collaborate with platform teams on:
- Kubernetes and container security (if applicable)
- Secure baseline definitions
Compliance, ISO & Audit Ownership
+Own and operate ISO 27001 security controls from an operational standpoint.
+Maintain:
- Risk assessments and treatment plans
- Policies, procedures, and evidence
+Act as security focal point for:
- Penetration test findings
- ISO audits
- Client security audits and questionnaires
+Ensure continuous compliance, not audit-only readiness.
Reporting, Metrics & Continuous Improvement
+Define and report SOC KPIs, such as:
- Incident trends
- Compliance status
- MTTD / MTTR
- Vulnerability exposure
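The KPIs listed above (MTTD / MTTR here, and vulnerability aging, risk acceptance and remediation effectiveness in the Vulnerability Management section) are easy to name and easy to define inconsistently. The block below is an added example, not part of the original posting and not tied to any specific SIEM or ITSM: it fixes one definition of each metric and computes it from constructed sample records. The field names (occurred_at, detected_at, resolved_at, discovered, remediated, risk_accepted) and the per-severity SLA days are assumptions chosen for the example.

```python
"""Added example: SOC / vulnerability KPIs computed from constructed records.

Definitions used here (assumptions, state yours explicitly in the KPI report):
  MTTD = mean(detected_at - occurred_at) over all incidents
  MTTR = mean(resolved_at - detected_at) over closed incidents only
  Aging = days an open, non-risk-accepted finding has been known, vs. its SLA
  Remediation effectiveness = share of remediated findings closed within SLA
"""
from datetime import date, datetime
from statistics import mean

# Constructed sample incidents (UTC, ISO-8601). occurred_at comes from the RCA
# (earliest attacker activity), detected_at is the alert that opened the case.
INCIDENTS = [
    {"id": "INC-1", "occurred_at": "2024-03-01T08:00:00",
     "detected_at": "2024-03-01T09:30:00", "resolved_at": "2024-03-01T15:30:00"},
    {"id": "INC-2", "occurred_at": "2024-03-02T00:00:00",
     "detected_at": "2024-03-02T12:00:00", "resolved_at": "2024-03-03T00:00:00"},
    {"id": "INC-3", "occurred_at": "2024-03-05T10:00:00",
     "detected_at": "2024-03-05T10:30:00", "resolved_at": None},  # still open
]

# Constructed sample findings. Remediation SLA per severity is an assumption.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
VULNS = [
    {"id": "V-1", "severity": "critical", "discovered": "2024-02-01", "remediated": None, "risk_accepted": False},
    {"id": "V-2", "severity": "high", "discovered": "2024-03-01", "remediated": None, "risk_accepted": False},
    {"id": "V-3", "severity": "high", "discovered": "2024-01-01", "remediated": None, "risk_accepted": True},
    {"id": "V-4", "severity": "medium", "discovered": "2023-11-01", "remediated": "2024-02-15", "risk_accepted": False},
    {"id": "V-5", "severity": "critical", "discovered": "2024-03-08", "remediated": None, "risk_accepted": False},
    {"id": "V-6", "severity": "low", "discovered": "2023-06-01", "remediated": None, "risk_accepted": False},
    {"id": "V-7", "severity": "critical", "discovered": "2024-03-01", "remediated": "2024-03-05", "risk_accepted": False},
]


def _hours(later: str, earlier: str) -> float:
    return (datetime.fromisoformat(later) - datetime.fromisoformat(earlier)).total_seconds() / 3600


def mttd_hours(incidents) -> float:
    """Mean time to detect, in hours, over every incident (open or closed)."""
    return mean(_hours(i["detected_at"], i["occurred_at"]) for i in incidents)


def mttr_hours(incidents) -> float:
    """Mean time to resolve, in hours, over closed incidents only.
    Open incidents are excluded rather than counted as zero."""
    closed = [i for i in incidents if i["resolved_at"]]
    return mean(_hours(i["resolved_at"], i["detected_at"]) for i in closed)


def vulnerability_aging(vulns, as_of: str) -> dict:
    """Per-severity open / overdue counts and oldest open finding, as of a date.
    Risk-accepted findings are reported separately, not as overdue."""
    today = date.fromisoformat(as_of)
    report = {sev: {"open": 0, "overdue": 0, "oldest_days": 0} for sev in SLA_DAYS}
    for v in vulns:
        if v["remediated"] or v["risk_accepted"]:
            continue
        age = (today - date.fromisoformat(v["discovered"])).days
        row = report[v["severity"]]
        row["open"] += 1
        row["oldest_days"] = max(row["oldest_days"], age)
        if age > SLA_DAYS[v["severity"]]:
            row["overdue"] += 1
    return report


def risk_accepted_ids(vulns) -> list:
    """Findings carried under a documented risk acceptance (still open)."""
    return [v["id"] for v in vulns if v["risk_accepted"] and not v["remediated"]]


def remediation_within_sla(vulns) -> float:
    """Fraction of remediated findings that were closed within their SLA."""
    done = [v for v in vulns if v["remediated"]]
    on_time = sum(
        (date.fromisoformat(v["remediated"]) - date.fromisoformat(v["discovered"])).days
        <= SLA_DAYS[v["severity"]]
        for v in done
    )
    return on_time / len(done)


if __name__ == "__main__":
    print(f"MTTD: {mttd_hours(INCIDENTS):.2f} h, MTTR: {mttr_hours(INCIDENTS):.2f} h")
    print("Aging:", vulnerability_aging(VULNS, "2024-03-10"))
    print("Risk accepted:", risk_accepted_ids(VULNS))
    print(f"Remediated within SLA: {remediation_within_sla(VULNS):.0%}")
```

Two design choices worth copying into a real KPI definition: MTTR excludes open incidents instead of treating them as zero (otherwise a backlog of unresolved cases makes the number look better), and risk-accepted findings are reported as their own line rather than silently inflating the overdue count.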
+Build executive-level security dashboards using:
- Sentinel / Splunk
- Grafana
+Drive SOC maturity roadmap, automation, and tool optimization.