Share this Job
impact where it matters

System Operation Centre Lead (Pune, India)

ZS is a professional services firm that works side by side with companies to help develop and deliver products that drive customer value and company results. From R&D to portfolio strategy, customer insights, marketing and sales strategy, operations and technology, we leverage our deep industry expertise and leading-edge analytics to create solutions that work in the real world. Our most valuable asset is our people—a fact that’s reflected in our values-driven organization in which new perspectives are integral and new ideas are celebrated. ZSers are passionately committed to helping companies and their customers thrive in industries ranging from healthcare and life sciences, to high-tech, financial services, travel and transportation, and beyond.

ZS’s India Capability & Expertise Center (CEC) houses more than 60% of ZS people across three offices in New Delhi, Pune and Bengaluru. Our teams work with colleagues across North America, Europe and East Asia to create and deliver real world solutions to the clients who drive our business. The CEC maintains standards of analytical, operational and technological excellence across our capability groups. Together, our collective knowledge enables each ZS team to deliver superior results to our clients.

ZS’s Corporate Enterprise Functions operate the firm’s core internal functions. Our global teams comprise team-oriented, pragmatic and results-driven people who thrive in a challenging work environment. Our people come from diverse backgrounds but share a passion for quality customer service and dedication—whether our customer is a client or another ZS employee.

ZS IT Support teams is aligned with the company’s business strategy and operating model and aims to provide our people and their clients the right tools and information for high performance. The IT organization focuses on providing products and services to ZS to ensure successful business outcomes. This involves providing a scalable, sustainable and reliable IT infrastructure, customized applications, messaging and collaboration products, Business Intelligence and Database administration support along with a reliable 24*7 uninterrupted high quality technology support services.

Security Operation Centre Lead

The SOC Lead will be primarily responsible for security event monitoring, management and response, and will oversee a team of SOC Analysts to ensure a daily review of security alerts, proper investigation and mitigation, triaging/escalation as needed, following proper communication matrix, and continuous review and improvement of processes.  This role would be responsible to manage and maintain a 24x7 operation and to work with security leads to make sure the team has the tools, training, and skillset to perform daily responsibilities.

The role of the lead position requires that the individual must have existing experience in leading a 24x7 SOC operation, has people management skills, and has extensive experience in working with Splunk or other industry renowned SIEM tool.  The position requires in depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. This individual would be expected to work with senior technical leaders of the organization and provide reports on existing threats, mitigation efforts, status of new project efforts and formulate a dashboard with daily insight into these areas and/or other information that would be relevant to provide new insights into the threat landscape.  This role would also require understanding and experience in working on security for cloud services (AWS, Azure, GCP and/or other cloud solutions).


  • Manage a 24x7 SOC operation.
  • Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
  • Integrate standard and non-standard logs in Splunk or other industry renowned SIEM tool for security monitoring.
  • Review daily logs to ensure adherence to primary functions of SOC operations by team.
  • Build a continuous loop to oversee and improve existing processes.
  • Make automation a mindset of the team to improve response, analysis, quality, and workload efficiency.
  • Provide regular briefings to stakeholders and leadership.
  • Build a strong understanding of the ZS landscape to recognize urgency, impact, and map out correlations of different threats.
  • Perform threat management, threat modeling, threat hunting, identify threat vectors and develop use cases for security monitoring.
  • Ensure adherence to hot seat concept that an Admin is always available to address a critical security event.
  • Provide analysis and trending of security log data from many heterogeneous security devices.
  • Troubleshoot next-gen antivirus & other security application agent software issues.
  • Tune various security tools & technologies already in place.
  • Review the existing SOPs & technical runbooks & also create new SOP documents/runbooks for innovative technologies/process.
  • Create reports, dashboards and metrics for SOC operations and presentation to senior management.
  • Other duties as assigned.


  • Bachelor’s Degree in Information Technology, or any other related field.
  • 7-10 years' experience as a SOC lead or equivalent knowledge.
  • Strong expertise working with Splunk Enterprise Security, Security Essentials, and User Behavior Analytics.
  • Demonstrable expertise and experience with security related incidents.
  • High level of knowledge of various security methodologies, processes and technical security solutions.
  • Strong knowledge of Firewalls/NGFW; IDS/IPS
  • Strong knowledge of Next Generation AV tools (like CrowdStrike, Cylance or any NGAV/EDR); Encryption tools (like Symantec PGP, MBAM, etc.); Application Whitelisting and DLP tools.
  • Strong Knowledge in Industry standard VAPT tools like Nessus, Rapid7 and opensource tools.
  • Knowledge in open source security monitoring tools.
  • Expertise in working with various monitoring tools (like Athena, HP Open View, Nagios, SolarWinds, etc.).
  • Understanding and experience on working with cloud security services (AWS, Azure, GCP; others a plus)
  • Managing a team to have strong research and highly analytical skills, especially with respect to event classification, event correlation, and root cause analysis.
  • Must be a team leader, dedicated, and proactive.
  • Must possess excellent communication, problem-solving, critical thinking and organizational skills.
  • Must have strong presentation skills.
  • Ability to clearly present technical approaches or findings in oral and written format.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Highly self-motivated and directed.
  • Candidate should be flexible to work in late shifts to converse with leadership teams in US as needed
  • Preferred Certifications: Splunk Enterprise Security Certified Admin, CEH, ECSA, CISA, AWS Solution Architect, etc.


ZS is a global consulting firm; fluency in English is required, additional fluency in at least one European or Asian language is desirable. 
Candidates must possess work authorization for their intended country of employment. An on-line application, including a cover letter expressing interest and a full set of transcripts (official or unofficial), is required to be considered.
ZS offers a competitive compensation package with salary and bonus incentives, plus an attractive benefits package.


Connect with ZS in India on social media:

ZS has been recognized globally for its expertise in consulting and its flexible work environment. View ZS’s accolades.