Skip to main content
Posted 11 July, 2026

Lead SOC Analyst-Assistant Manager-MFT-KGS CH

KPMG
Gurugram,Haryana,IN,122002 Full Time
Reference: 218_549848_30046994

The Lead SOC Analyst is a senior member of the Incident Response & Investigations team within the Operational Security function of KPMG Group Digital.

This role provides advanced technical expertise in detection, investigation, and response to cybersecurity incidents. Operating at Grade D, the Lead SOC Analyst acts as a senior escalation point within the SOC, handling complex and highseverity incidents, supporting junior analysts during investigations, and contributing to the effective daytoday operation of SOC processes and tooling.

The role is handson and technically focused, with responsibility for the quality and accuracy of investigations performed, rather than formal people or operational management.

Required Skills & Experience:

Experience working in a SOC, incident response, or cybersecurity investigation role.

Strong understanding of common attack techniques, threat actor behaviours, and investigative methodologies.

Ability to analyse security alerts and logs across SIEM, EDR, cloud, identity, and network security tools.

Experience with scripting or automation (e.g. Python, PowerShell) is advantageous.

Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, or equivalent.

Strong written and verbal communication skills, with the ability to explain technical findings clearly.

Ability to work effectively under pressure during incident scenarios.

Preferred Qualifications:

Relevant industry certifications such as CompTIA CySA+ or Microsoft Certified: Security Operations Analyst Associate (SC-200).

Handson experience with EDR, SOAR, or forensic tooling.

Experience participating in threathunting activities or security exercises.

Exposure to tabletop or incidentresponse simulations.

Certifications or demonstrated expertise in Microsoft security technologies related to Sentinel, Purview, or Microsoft Defender suites (e.g., Microsoft 4 of 4 Certified: Information Protection Administrator Associate (SC-400), Microsoft Certified: Azure Security Engineer Associate (AZ-500))

Incident Response & Investigation:

Perform triage, investigation, containment, and remediation activities for complex and highseverity cybersecurity incidents.

Act as a senior technical escalation point during incident handling, providing guidance and direction to analysts as required.

Participate in incident bridges, contributing clear technical updates and investigative findings.

Conduct forensic data collection and analysis across endpoints, network, cloud, and identity sources.

Produce accurate and wellstructured incident timelines, investigation notes, and postincident summaries.

Support postincident reviews by contributing technical insights and lessons learned.

Detection & Threat Monitoring:

Review and investigate alerts generated from SIEM, EDR, cloud security, and identity platforms.

Support the tuning and refinement of detection rules to improve alert quality and reduce false positives.

Conduct threathunting activities under defined hypotheses, using available telemetry and analytical techniques.

Identify gaps in visibility or logging and raise these with senior analysts or engineering teams.

SOC Tooling & Automation Support:

Use SOC tooling effectively to support investigations and response activities.

Contribute ideas and feedback to improve SOC workflows, automation, and playbooks.

Assist with the validation and testing of changes to SOC tools and automated response processes.

Highlight tooling issues or limitations that impact investigation effectiveness. Governance, Process & Assurance Support

Support internal and external audit activities by providing investigation evidence and technical input when requested.

Follow established SOC procedures and ensure investigations are documented accurately and consistently.

Contribute to the maintenance of SOC documentation, playbooks, and operational procedures.

Participate in lessonslearned activities and contribute suggestions for process improvement.

Team & Stakeholder Interaction:

Provide informal guidance and support to junior analysts during investigations, helping to improve analysis quality.

Share technical knowledge and investigative techniques with peers through daytoday collaboration.

Communicate technical findings clearly to SOC leads and relevant stakeholders during incidents.

Work collaboratively with Legal, Risk, Privacy, Crisis Management, and Global SOC teams when required.

Operational Support:

Support daily SOC monitoring activities during periods of increased workload or incident activity.

Assist with escalation handling for complex alerts or investigations.

Maintain a high standard of investigative quality and professional conduct during operational activity.

Sign up for Job Alerts