Principal Information Security Engineer / SOC Lead VaporVM

Job Summary

We are seeking a highly experienced and results-driven Principal Information Security Engineer / SOC Lead to lead advanced cybersecurity operations, threat detection, and data protection initiatives. The ideal candidate will have deep expertise in SOC operations, SIEM, Microsoft XDR ecosystem, DLP, DevSecOps, and cloud security, with proven experience in leading teams, managing incidents, and strengthening enterprise security posture.

Key Responsibilities Sec

urity Operations & Incident Response

• Lead Tier-2 SOC operations, ensuring continuous monitoring and rapid response to security incidents
• Perform in-depth analysis of security alerts, logs, and threat intelligence feeds
• Conduct threat hunting using advanced tools such as Microsoft Defender XDR
• Lead incident response activities, including root cause analysis and forensic investigations
• Ensure timely escalation and resolution of incidents in line with SLA requirements

SIEM, XDR & Security Monitoring

• Design, deploy, and manage SIEM solutions (e.g., IBM QRadar, Microsoft Sentinel)
• Manage and optimize Microsoft XDR stack:
  
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud
  • Microsoft Defender for O365
• Develop and fine-tune detection rules, use cases, and correlation logic
• Integrate threat intelligence feeds to enhance detection capabilities
• Maintain dashboards and reporting for management visibility

Data Loss Prevention (DLP) & Compliance

• Lead end-to-end DLP program, including strategy, deployment, and governance
• Define and manage DLP policies, classification, and data protection controls
• Handle DLP incidents, investigations, and remediation
• Ensure compliance with global data protection regulations (EU/US) and industry best practices
• Generate executive reports on DLP metrics, risks, and effectiveness

Cloud Security & DevSecOps

• Monitor and secure cloud environments (Azure, AWS) using tools like Azure Monitor and AWS CloudWatch
• Implement DevSecOps practices and integrate security into CI/CD pipelines
• Conduct code reviews and vulnerability assessments for secure application deployment
• Secure microservices architecture through authentication, authorization, and encryption

Vulnerability Management & Security Testing

• Perform Vulnerability Assessment & Penetration Testing (VAPT)
• Identify, assess, and remediate vulnerabilities across infrastructure and applications
• Conduct risk assessments and recommend mitigation strategies

Security Tools & Infrastructure Management

• Manage and optimize enterprise security tools including:
  
  • Imperva WAF (web application protection)
  • CyberArk PAM (privileged access management)
  • Microsoft Intune (endpoint and device management)
  • Microsoft Purview (DLP, compliance, insider risk)
  • Fortinet Firewalls & VPNs
  • Forescout NAC (network access control)
  • Zscaler (Zero Trust & secure access)
• Ensure continuous improvement, health checks, and performance optimization

Leadership & Collaboration

• Lead and mentor SOC and DLP teams
• Collaborate with IT, DevOps, and business stakeholders during incidents and projects
• Manage vendor relationships and evaluate new security technologies
• Support audits and regulatory compliance initiatives

Required Skills & Qualifications

• Master s or Bachelor s degree in Information Security, Cybersecurity, or related field
• 6 10+ years of experience in cybersecurity, SOC, or information security roles
• Strong expertise in:
  
  • SIEM (QRadar, Sentinel)
  • Microsoft XDR & Defender suite
  • DLP solutions (Forcepoint, Microsoft Purview)
  • Cloud security (Azure, AWS)
  • DevSecOps & CI/CD security
• Hands-on experience with:
  
  • WAF, PAM, EDR/XDR, Firewalls, NAC, Zero Trust solutions
• Strong knowledge of:
  
  • Networking, Active Directory, Linux
  • Threat intelligence, incident response, and forensics
• Excellent analytical, problem-solving, and communication skills