HCLTech
East Melbourne, 3002, Melbourne, Victoria
Mining, Resources & Energy
Full time
Posted 29/04/2025
Closes 13/05/2025
We are HCLTech, one of the fastest-growing large tech companies in the world and home to 219,000+ people across 54 countries, supercharging progress through industry-leading capabilities centered around Digital, Engineering and Cloud.
The driving force behind that work, our people, are diverse, creative, and passionate, raising the bar for excellence on a regular basis. We, in turn, work hard to bring out the best in them as we strive to help them find their spark and become the best version of themselves that they can be.
At HCLTech Australia, we value the unique perspective and contributions of all individuals, and we actively encourage Aboriginal and Torres Strait Islander people to apply for this role.
Are you ready to be an important part of this ever-transformational journey?
About the role
Key Responsibilities:
Leadership and Team Management:
Supervise Teams: Lead SOC analysts, vulnerability management, and penetration testing teams, ensuring high performance, accountability, and professional growth.
Staff Development: Provide mentorship and training programs to upskill team members in SOC operations, vulnerability management, and penetration testing.
Team Collaboration: Foster collaboration within the security teams and with other IT and business units.
Shift Management: Ensure adequate staffing and shift rotations for 24/7 SOC operations.
People Topics: Manage discipline and motivate the team by fostering collaboration, trust, and open communication while addressing conflicts constructively. Promote work-life balance and adaptability to drive team satisfaction and productivity.
SOC Operations Management:
Real-Time Monitoring: Oversee 24/7 monitoring of security events using tools like SIEM, XDR, and other detection technologies.
Incident Response: Manage the incident response lifecycle, ensuring timely detection, investigation, containment, and remediation of security incidents.
Threat Analysis: Continuously assess and improve SOC capabilities to address emerging threats and vulnerabilities.
SOC Playbooks: Develop, implement, and maintain comprehensive playbooks for effective incident response and threat handling.
Performance Metrics: Measure and improve SOC effectiveness using metrics such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).
Incident Response Management:
Incident Commander: Serve as the Incident Response Commander and act as Level 3 during critical security incidents, leading the incident response lifecycle.
Coordination: Coordinate with internal teams, business team, Data Center stakeholders, and third-party vendors to resolve incidents effectively.
Response Planning: Develop, maintain, and test incident response plans to ensure preparedness for various attack scenarios.
Incident Handling: Oversee the detection, containment, eradication, and recovery phases of incident management.
Post-Incident Review: Lead post-incident reviews, ensuring root cause analysis and lessons learned are documented and integrated into security operations.
Communication: Provide timely updates to senior management and stakeholders during incidents, including clear and concise situational reports.
Technology and Tools Management:
Tool Administration: Manage security tools and platforms, including XDR, SIEM, vulnerability scanners, penetration testing tools, and threat intelligence platforms.
Optimization: Ensure tools are optimally configured, updated, and integrated with other systems for efficient operation.
Evaluation: Continuously evaluate emerging technologies to enhance SOC capabilities.
Automation: Drive automation initiatives to streamline monitoring, detection, and response activities.
Strategic Responsibilities, Compliance & Audit Support:
Risk Management: Proactively identify, evaluate, and mitigate risks through SOC operations, vulnerability assessments, and penetration testing.
Threat Intelligence Integration: Leverage threat intelligence to enhance proactive threat detection and prevention measures.
Policy Development: Contribute to the development and enforcement of cybersecurity policies and procedures.
Alignment with Business Goals: Ensure security operations align with organizational objectives and risk appetite.
Regulatory Alignment: Ensure SOC operations, vulnerability management, and penetration testing comply with relevant regulations and frameworks (e.g., ISO 27001, GDPR, NIST).
Audit Support: Provide documentation, evidence, and reports to support internal and external audits.
Governance: Maintain governance over security operations to ensure alignment with industry best practices.
Vulnerability Management:
Vulnerability Scanning: Oversee the regular scanning of infrastructure, applications, and systems to identify security vulnerabilities.
Prioritization: Analyze and prioritize vulnerabilities based on severity, risk, and business impact.
Remediation Coordination: Collaborate with IT teams to remediate vulnerabilities within defined SLA timelines.
Policy Enforcement: Establish and enforce policies for continuous vulnerability assessment and management.
Reporting: Provide detailed reports on vulnerabilities, trends, and remediation progress to stakeholders.
Communication and Reporting:
Stakeholder Updates: Regularly communicate SOC, vulnerability, and penetration testing performance to Head of IT & DC Security and stakeholders.
Incident Briefings: Provide detailed post-incident reports, including root cause analysis and remediation steps.
Dashboards: Develop dashboards to present real-time SOC performance, incident status, and vulnerability results.
Convince us with your potential!
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Minimum of 6 years of experience in cybersecurity, with at least 3 years in a SOC leadership role.
Proven experience in building, managing, and optimizing a 24x7 SOC.
In-depth knowledge and experience with cybersecurity frameworks such as NIST CSF, MITRE ATT&CK, and ISO 27001.
Proven knowledge in vulnerability management and penetration testing.
Experienced people manager able to lead global teams, ensure the motivation and growth of team members, and foster collaboration.
A self-starter who thrives in building strategies and implementing solutions.
Strong understanding of vulnerability management tools (e.g., Tenable, Qualys, Rapid7).
Knowledge of CVSS (Common Vulnerability Scoring System) and how to apply it to risk assessments.
Familiarity with patch management processes and tools.
Hands-on experience with common attack vectors and methods for mitigating them.
Experience with SIEM, IDS/IPS, and endpoint security tools is a plus.
Relevant certifications (e.g., CISSP, CEH, OSCP) are highly desirable.
Strong analytical skills with the ability to manage and interpret large amounts of security data.
Excellent communication and collaboration skills, able to work across teams and present complex information to both technical and non-technical stakeholders.
Key Competencies:
Strong understanding of security tools and technologies, including SIEM platforms, EDR, XDR, IDS/IPS, firewalls, threat intelligence, and Attack Surface Management platforms.
Solid experience with network security, endpoint security, cloud security, and incident detection and response.
Hands-on experience developing and maintaining security monitoring, detection, and response strategies using Microsoft Sentinel.
Knowledge of threat intelligence platforms and integrating threat feeds into SOC operations.
Familiarity with automation tools for incident response and playbook creation.
Why Us
We are one of the fastest-growing large tech companies in the world, with offices in 50+ countries across the globe and 219,000 employees.
Our company is extremely diverse with 165 nationalities represented.
We offer the opportunity to work with colleagues across the globe.
We offer a virtual-first work environment, promoting a good work-life integration and real flexibility.
We offer comprehensive benefits for all employees.
We are a certified great place to work and a top employer in 17 countries, offering a positive work environment that values employee recognition and respect.
Equality & Opportunity for All
Representing 165 nationalities across the globe, we pride ourselves on being an equal opportunity employer, committed to providing equal employment opportunities to all applicants and employees regardless of race, religion, sex, colour, age, national origin, pregnancy, sexual orientation, physical disability or genetic information, military or veteran status, Aboriginal and Torres Strait Islander people or any other protected classification, in accordance with federal, state, and/or local law.
Candidate Data Privacy Notice | HCL Technologies
We are committed to respecting your privacy and to protecting your personal data. Your personal data will be collected and processed in line with our candidate privacy notice: https://www.hcltech.com/candidate-privacy-notice. This privacy notice will help you to understand what personal data we collect about you, how we use this personal data, and what rights you have regarding your personal data. By replying to this email or submitting any personal data to HCLTech, you acknowledge that you have read and understood the candidate privacy notice and have provided your consent to the processing of your data for recruitment purposes as described in the privacy notice.