Security Operations Manager

Fountain Hills Technologies

India, Tamil Nadu, Coimbatore Full-Time On-site
Posted 4 hours ago Apply by June 15, 2026

Job Description

Security Operations Manager (SOC/NOC) – MSSP

Location: Coimbatore, Tamil Nadu (Full-time)

Shift: 4:00 PM – 1:00 AM IST (US business hours overlap)

Reports To: CEO (United States)

The Mission

Fountain Hills Technologies is an Arizona-based MSSP expanding our 24/7 operations in India. We’re seeking a seasoned, hands-on player-coach to lead our Coimbatore SOC/NOC team. You will own day-to-day delivery, ensure operational discipline and incident response maturity for our US-based clients, and drive continuous improvement of our security tooling and tech stack, so that nothing is missed, forgotten, or overdue.

Core Responsibilities

  • Operational Leadership: Own queue health in Zoho Desk—ensure alerts/tickets are triaged, prioritized, and progressing with clear ownership and next steps (without manual dispatching).
  • Service Desk Ownership (Zoho Desk): Own and continuously improve Zoho Desk as the operating backbone—workflows, automations, routing rules, SLAs, escalation paths, templates/macros, categories/tags, and dashboards/reporting to ensure tickets move predictably and nothing ages unnoticed.
  • Workflow Standardization: Translate operational procedures into enforceable system behavior (required fields, required evidence, handoff templates, severity tagging, mandatory customer update cadence by severity).
  • Reporting & Visibility: Maintain real-time visibility for leadership—backlog aging, SLA adherence, MTTA/MTTR, reopen rates, and quality metrics; run weekly service desk reviews and drive corrective actions.
  • Coverage & Execution: Own 24/7 scheduling and readiness to ensure minimum staffing requirements are always met and coverage scales as the team grows (including backfill planning and shift readiness).
  • Incident Management: Lead high-severity response end-to-end (classification, escalation, containment coordination, customer communications, and PIRs).
  • SOC/NOC Program Ownership: Build and enforce practical playbooks and standards for triage, investigation, evidence capture, escalation, and handoffs.
  • Team Development: Coach analysts on shift readiness, investigation quality, documentation discipline, and consistent escalation packets.
  • Training & Certification Program: Build and maintain role-based learning paths for analysts and engineers (partner trainings, internal enablement, and progression plans). Track completion and ensure the team stays current on required certifications.
  • Partner Enablement: Coordinate and schedule partner training sessions; ensure new tool capabilities and vendor best practices are translated into runbooks and daily workflows.
  • Policy & Procedure Coaching: Coach the team on company policies, security/incident handling procedures, and operational standards (documentation, evidence handling, customer comms).
  • US Business Interaction Coaching: Train and reinforce US-aligned customer interaction standards (tone, urgency, escalation etiquette, executive summaries, meeting discipline) that may differ from typical India norms.
  • Tooling Strategy + Modernization: Own ongoing research and continuous improvement of our security stack—identify gaps, recommend improvements, and drive measurable outcomes (reduced noise, faster response, better coverage).
  • POC Leadership (Internal + Customer): Lead proof-of-concept efforts from start to finish: define test plans and success criteria, coordinate testing, validate operational fit, document results, and drive production rollout readiness (runbooks, training, support model).
  • Strategic Collaboration: Partner with US leadership and L3 Senior Engineers to reduce noise via tuning/automation and to turn PIR findings into permanent operational improvements.

Required Qualifications

  • Experience: 10+ years in SOC/NOC or IT operations, with 4+ years in formal leadership/management roles.
  • Security-First Technical Depth: Strong, hands-on understanding of modern security operations, including alert lifecycle management, incident response fundamentals, threat triage, and operational security controls.
  • Broad Infrastructure Fundamentals: Deep working knowledge of Windows/M365 and networking fundamentals (identity, endpoint, email, and connectivity troubleshooting) to confidently guide remediation and escalation decisions.
  • Tooling Competence: Experience operating and improving security tooling such as EDR/XDR, SIEM/logging, email security, security awareness, DNS filtering, and firewall ecosystems. (CrowdStrike and Palo Alto experience strongly preferred.)
  • POC / Evaluation Capability: Demonstrated ability to evaluate tools and solutions objectively—define success criteria, run structured testing, and make rollout recommendations tied to operational outcomes.
  • Training Leadership: Demonstrated experience building team training plans and driving certification completion/partner enablement.
  • Service Desk Systems: Experience implementing or improving service desk workflows/automation (Zoho Desk preferred; ServiceNow/Jira Service Management/Freshservice/Zendesk acceptable equivalents).
  • Communication: Excellent written and spoken English for high-stakes customer calls, incident briefings, and daily coordination with US leadership.
  • Operational Authority: Calm, decisive leadership under pressure; comfortable enforcing standards and holding teams accountable. ITIL-style service management experience is a plus.
  • Shift Flexibility: The primary shift is 4:00 PM – 1:00 AM IST; occasional flexibility is required for major incidents, customer escalation calls, or operational reviews.

Tools & Platforms (partial)

  • Security & Identity: CrowdStrike (EDR/XDR), ThreatMate, FortiMail, KnowBe4, DNSFilter
  • Infrastructure & Networking: Palo Alto Firewalls, Cisco Meraki (Switches/APs), Datto RMM
  • Data Protection: Rubrik (On-Prem & SaaS)
  • Service Management: Zoho Desk

What Success Looks Like

  • Operational Control: Coverage runs smoothly with clean handoffs, clear ownership, and minimal backlog aging.
  • Incident Excellence: Faster, more consistent response with stronger evidence capture, clearer customer communications, and higher-quality escalation packets.
  • Tech Stack Progress: A repeatable POC process is in place, and the security stack steadily improves (measurable noise reduction, better detection/coverage, and more automation).
  • Team Readiness: Role-based learning paths are implemented; certification tracking is active; partner training is completed on schedule; customer interactions reflect U.S.-aligned expectations.
  • Weekly Cadence: A weekly operating cadence exists (KPIs, backlog review, PIR actions tracked to completion).