
SOC Engineer - 1

Job type: Full Time · Department: Engineering · Work type: On-Site

Bellandur, Karnataka, India

SOC Engineer - 1

Detection Engineering, Incident Leadership & Operational Excellence

Location: Bangalore (Work From Office)

Reports to: CISO

Cashfree Payments operates mission-critical payment and API infrastructure under RBI and PCI-DSS oversight. Our environment processes high-volume financial transactions and demands high-fidelity detection, rapid response, and operational resilience.

We are building an automation-driven SOC designed to scale beyond traditional monitoring models.

Role Summary

The SOC Engineer - 1 is a senior, hands-on technical expert who is pivotal in accelerating the defensive posture and operational maturity of the Cashfree Payments SOC. This role moves beyond traditional monitoring and focuses on Detection Engineering, Incident Response Leadership, and operational scaling within our high-volume, regulated Fintech environment.

We are looking for a system-thinker and builder who can autonomously architect scalable, automation-driven security solutions.

Key Responsibilities

Detection and Threat Engineering

Architect, develop, implement, and continually tune detection rules and correlation logic across SIEM and EDR platforms to identify security threats reliably and drive their remediation.

Proactively identify detection gaps and map them to the MITRE ATT&CK framework, using threat intelligence to stay ahead of emerging threats, with a focus on cloud, containerized, and payment systems.

Implement contextual alerting and enrichment strategies (asset, identity, and threat-intelligence context attached to alerts) to drastically reduce false positive rates and combat alert fatigue, so the SOC can respond quickly and effectively to real threats.

Conduct proactive, hypothesis-driven hunting exercises across diverse telemetry sources to uncover covert threats and improve the overall security posture of the organization.

Incident Response Leadership & Handling

Function as the primary technical lead for high-severity and complex security incidents, driving effective containment, eradication, and recovery strategies to minimize business impact.

Execute in-depth log analysis, digital forensics triage, and timeline reconstruction to determine the root cause and scope of compromise, ensuring accurate and timely incident response.

Translate findings and lessons learned from incidents into immediate, measurable improvements in detection and prevention mechanisms, ensuring the SOC is better equipped to handle future threats.

Ensure meticulous documentation of all incidents, including technical steps, post-incident reviews, and executive summaries to facilitate knowledge sharing and continuous improvement.

SOC Operational Maturity & Automation

Design, develop, and maintain automation playbooks using SOAR platforms to streamline repetitive tasks, triage, and incident response workflows, reducing manual effort and increasing response consistency.

Use strong scripting skills to engineer custom tools and automation that let the SOC scale to meet growing demands.

Establish and refine Standard Operating Procedures (SOPs) and investigation playbooks, ensuring they are current, effective, and adopted across the team.

Performance & Team Enablement

Take full ownership of critical SOC metrics, including Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and False Positive Rate, driving measurable improvement quarter over quarter.

Mentor and coach SOC team members, elevating their investigative, analytical, and tooling skills.

Plan and execute periodic simulation exercises to test and validate SOC readiness and playbooks, ensuring the SOC can respond effectively to a wide range of scenarios.

Required Qualifications and Expertise

Technical Foundation

Bachelor's degree in Computer Science, Electrical Engineering, or Computer Engineering, or equivalent practical experience.

1.5+ years of hands-on experience in a dedicated Security Operations Center (SOC), Incident Response, or Detection Engineering role.

Expert-level proficiency in SIEM platforms (e.g., Splunk, Elastic, Sentinel) including advanced rule creation, custom parsing, and dashboard development.

Demonstrated strong scripting skills in Python for security automation and data manipulation.

Excellent understanding of TCP/IP, common network protocols, and the function of security appliances (Firewalls, IDS/IPS, Proxies).

Soft Skills & Leadership

Proven ability to operate independently, set priorities, and drive complex projects from concept to completion.

Exceptional analytical and problem-solving skills for complex, multi-stage security incidents.

Strong verbal and written communication skills for both technical and executive audiences.

Experience working in a PCI-DSS or RBI-regulated environment is highly desirable.

What Excellence Looks Like

Significant reduction in alert fatigue.

Improved detection coverage and signal accuracy.

Faster, more consistent incident response.

Clear improvements in SOC KPIs over time.

Audit evidence readily available without reactive effort.

SOC processes become automation-driven and scalable.
