Description :

Job Title : Subject Matter Expert (SME + hypothesis-based threat hunting)

Location : Bangalore (on site)

Experience Level : 10 to 12 years

About ColorTokens :

ColorTokens specializes in advanced security solutions designed to safeguard organizations' assets and critical systems from cyber threats.

Our flagship product, Xshield Enterprise Microsegmentation platform, empowers organizations to prevent initial compromises from escalating into damaging crises.

By emphasizing proactive security measures, ColorTokens ensures comprehensive protection for critical workloads and data, enabling organizations to stay "breach ready."

With a clientele spanning some of the world's largest organizations, including prominent cancer research centers, cities, and national defense departments, ColorTokens serves industries handling sensitive information and subject to stringent regulatory requirements.

ColorTokens' cloud-delivered platform streamlines onboarding efforts and reduces maintenance costs for organizations.

Providing pervasive protection, their platform covers data center servers, legacy systems, cloud workloads, containers, and operational technology (OT) and Internet of Things (IoT) devices.

The company's recognition as a Strong Performer in the Forrester New Wave: Microsegmentation report solidifies ColorTokens' reputation as a trusted provider of microsegmentation solutions for organizations seeking to enhance their security posture.

Our culture :

We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making.

We believe in alignment and empowerment so you can own and drive initiatives autonomously.

Self-starters and high-motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of worlds impactful organizations be it a childrens hospital, or a city, or the defense department of an entire country.

Position Overview :

Colortokens is seeking a highly skilled and experienced Subject Matter Expert to lead and enhance our Security Operations Center (SOC).

The ideal candidate will bring deep technical expertise in security operations, threat detection, incident response, and SOC processes.

This role requires strong leadership skills, technical acumen, and the ability to design and implement advanced security strategies to protect organizational assets.

Key Responsibilities :

SOC Operations Leadership:

- Serve as the technical authority for the SOC team, providing guidance and expertise in threat monitoring, detection, and response.

- Oversee the design, implementation, and optimization of SOC processes, workflows, and playbooks.

- Ensure 24/7 operational readiness, minimizing downtime and incident response times.

Threat Detection and Incident Response :

- Lead investigations into complex security incidents and provide actionable recommendations to mitigate risks.

- Develop and maintain custom detection rules, use cases, and correlation logic in SIEM platforms.

- Oversee forensic analysis and root-cause investigations for major incidents.

Tool and Technology Management :

- Evaluate, implement, and optimize SOC tools and technologies, including SIEM, SOAR, EDR, and NDR solutions.

- Collaborate with IT and security teams to ensure seamless integration of tools across the environment.

- Identify gaps in coverage and recommend solutions to improve threat visibility.

Team Development and Mentorship :

- Train and mentor SOC analysts and engineers, enhancing their technical and operational capabilities.

- Lead tabletop exercises and red/blue team simulations to improve team readiness and response.

- Foster a culture of continuous improvement and learning within the SOC.

Strategic Contributions :

- Collaborate with leadership to define SOC goals, metrics, and key performance indicators (KPIs).

- Stay updated on the latest security trends, tools, and threats to ensure the SOC remains proactive and adaptive.

- Drive compliance with relevant standards and frameworks (e.g., NIST, ISO 27001, PCI DSS).

Customer and Stakeholder Engagement :

- Act as a liaison with customers and stakeholders, providing expert insights on SOC operations and incident management.

- Develop and present detailed reports and executive summaries on SOC performance, incidents, and strategic initiatives.

Required Skills and Experience :

Technical Expertise:

- 8 - 12 years of experience in cybersecurity, with a focus on SOC operations and threat detection.

- Advanced knowledge of SIEM platforms (e.g., Splunk, QRadar, Sentinel) and security tools (e.g., CrowdStrike, Palo Alto Cortex).

- Expertise in scripting and automation using Python, PowerShell, or similar tools.

Certifications :

- Relevant certifications such as CISSP, CISM, GIAC (GCIA, GCIH), or equivalent.

- Additional certifications in SOC operations or SIEM platforms are highly desirable.

Analytical and Problem-Solving Skills :

- Proven ability to analyze complex incidents and provide comprehensive remediation strategies.

- Strong understanding of the MITRE ATT&CK framework, threat intelligence, and threat hunting.

Soft Skills :

- Excellent communication and leadership skills.

- Ability to work under pressure and prioritize tasks in a dynamic environment.

Preferred Qualifications :

- Experience with SOAR platforms and automation workflows.

- Familiarity with compliance requirements like GDPR, HIPAA, and PCI DSS.

- Knowledge of cloud security and hybrid environments (e.g., AWS, Azure, Google Cloud).

Why Join Us?

- Work on a cutting-edge cybersecurity product in a fast-paced startup environment.

- Collaborate with a world-class team of engineers and security experts.

- Opportunity to learn, grow, and make a real impact from day one