SOC Engineer 3

Job type: Full Time · Department: Engineering · Work type: On-Site

Bellandur, Karnataka, India

SOC Engineer - 3

Detection Engineering, Incident Leadership & Operational Excellence

Location: Bangalore (Work From Office)

Reports to: CISO

Cashfree Payments operates mission-critical payment and API infrastructure under RBI and PCI-DSS oversight. Our environment processes high-volume financial transactions and demands high-fidelity detection, rapid response, and operational resilience.

We are building an automation-driven SOC designed to scale beyond traditional monitoring models.

Role Summary

The SOC Engineer - 3 is a senior, hands-on technical expert pivotal in accelerating the defensive posture and operational maturity of the Cashfree Payments SOC. This role moves beyond traditional monitoring, focusing instead on Detection Engineering, Incident Response Leadership, and operational scaling within our high-volume, regulated Fintech environment.

We are looking for a system-thinker and builder who can autonomously architect scalable, automation-driven security solutions.

Key Responsibilities

Detection and Threat Engineering

● Architect, develop, implement, and continually tune detection rules and correlation logic across SIEM and EDR platforms.

● Proactively identify and remediate detection gaps, mapping coverage to the MITRE ATT&CK framework and leveraging threat intelligence, with a special focus on cloud (AWS), containerized (Kubernetes), and payment systems.

● Implement advanced contextual alerting and enrichment strategies to drastically reduce false positive rates and combat alert fatigue.

● Conduct proactive, hypothesis-driven hunting exercises across diverse telemetry sources (cloud, network, endpoint) to uncover covert threats.

Incident Response Leadership & Handling

● Function as the primary technical lead for high-severity and complex security incidents, driving effective containment, eradication, and recovery strategies.

● Execute in-depth log analysis, digital forensics triage, and timeline reconstruction to determine the root cause and scope of compromise.

● Translate findings and lessons learned from incidents into immediate, measurable improvements in detection and prevention mechanisms.

● Ensure meticulous documentation of all incidents, including technical steps, post-incident reviews, and executive summaries.

SOC Operational Maturity & Automation

● Design, develop, and maintain automation playbooks using SOAR platforms to streamline repetitive tasks, triage, and incident response workflows.

● Utilize strong scripting skills (e.g., Python) to engineer custom tools and automation solutions, reducing manual effort and increasing response consistency.

● Establish and refine Standard Operating Procedures (SOPs) and investigation playbooks, ensuring they are current, effective, and adopted across the team.

Performance & Team Enablement

● Take full ownership of critical SOC metrics, including Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and False Positive Rate. Drive measurable improvement quarter over quarter.

● Mentor and coach the SOC team, elevating their investigative, analytical, and tooling skills.

● Plan and execute periodic simulation exercises (e.g., tabletop exercises, purple team engagements) to test and validate SOC readiness and playbooks.

Required Qualifications and Expertise

Technical Foundation

● B.Tech. in Computer Science, Electrical Engineering, or Computer Engineering, or equivalent practical experience.

● 7+ years of hands-on experience in a dedicated Security Operations Center (SOC), Incident Response, or Detection Engineering role.

● Expert-level proficiency in SIEM platforms (e.g., Splunk, Elastic, Sentinel) including advanced rule creation, custom parsing, and dashboard development.

● Demonstrated strong scripting skills in Python for security automation and data manipulation.

● Excellent understanding of TCP/IP, common network protocols, and the function of security appliances (Firewalls, IDS/IPS, Proxies).

Soft Skills & Leadership

● Proven ability to operate independently, set priorities, and drive complex projects from concept to completion.

● Exceptional analytical and problem-solving skills for complex, multi-stage security incidents.

● Strong verbal and written communication skills for both technical and executive audiences.

● Experience working in a PCI-DSS or RBI-regulated environment is highly desirable.

What Excellence Looks Like

● Significant reduction in alert fatigue

● Improved detection coverage and signal accuracy

● Faster, more consistent incident response

● Clear improvements in SOC KPIs over time

● Audit evidence readily available without reactive effort

● SOC processes become automation-driven and scalable