
Job Title


Security Operations Manager


Company : Fountain Hills Technologies


Location : Thane, Maharashtra


Created : 2026-03-19


Job Type : Full Time


Job Description

Security Operations Manager (SOC/NOC) – MSSP
Location: Coimbatore, Tamil Nadu (Full-time)
Shift: 4:00 PM – 1:00 AM IST (US business hours overlap)
Reports To: CEO (United States)

The Mission

Fountain Hills Technologies is an Arizona-based MSSP expanding our 24/7 operations in India. We’re seeking a seasoned, hands-on player-coach to lead our Coimbatore SOC/NOC team. You will own day-to-day delivery, ensure operational discipline and incident response maturity for our US-based clients, and drive continuous improvement of our security tooling and tech stack. So nothing is missed, forgotten, or overdue.

Core Responsibilities

Operational Leadership: Own queue health in Zoho Desk—ensure alerts/tickets are triaged, prioritized, and progressing with clear ownership and next steps (without manual dispatching).

Service Desk Ownership (Zoho Desk): Own and continuously improve Zoho Desk as the operating backbone—workflows, automations, routing rules, SLAs, escalation paths, templates/macros, categories/tags, and dashboards/reporting to ensure tickets move predictably and nothing ages unnoticed.

Workflow Standardization: Translate operational procedures into enforceable system behavior (required fields, required evidence, handoff templates, severity tagging, mandatory customer update cadence by severity).

Reporting & Visibility: Maintain real-time visibility for leadership—backlog aging, SLA adherence, MTTA/MTTR, reopen rates, and quality metrics; run weekly service desk reviews and drive corrective actions.

Coverage & Execution: Own 24/7 scheduling and readiness to ensure minimum staffing requirements are always met and coverage scales as the team grows (including backfill planning and shift readiness).

Incident Management: Lead high-severity response end-to-end (classification, escalation, containment coordination, customer communications, and PIRs).

SOC/NOC Program Ownership: Build and enforce practical playbooks and standards for triage, investigation, evidence capture, escalation, and handoffs.

Team Development: Coach analysts on shift readiness, investigation quality, documentation discipline, and consistent escalation packets.

Training & Certification Program: Build and maintain role-based learning paths for analysts and engineers (partner trainings, internal enablement, and progression plans). Track completion and ensure the team stays current on required certifications.

Partner Enablement: Coordinate and schedule partner training sessions; ensure new tool capabilities and vendor best practices are translated into runbooks and daily workflows.

Policy & Procedure Coaching: Coach the team on company policies, security/incident handling procedures, and operational standards (documentation, evidence handling, customer comms).

US Business Interaction Coaching: Train and reinforce US-aligned customer interaction standards (tone, urgency, escalation etiquette, executive summaries, meeting discipline) that may differ from typical India norms.

Tooling Strategy + Modernization: Own ongoing research and continuous improvement of our security stack—identify gaps, recommend improvements, and drive measurable outcomes (reduced noise, faster response, better coverage).

POC Leadership (Internal + Customer): Lead proof-of-concept efforts from start to finish: define test plans and success criteria, coordinate testing, validate operational fit, document results, and drive production rollout readiness (runbooks, training, support model).

Strategic Collaboration: Partner with US leadership and L3 Senior Engineers to reduce noise via tuning/automation and to turn PIR findings into permanent operational improvements.

Required Qualifications

Experience: 10+ years in SOC/NOC or IT operations, with 4+ years in formal leadership/management roles.

Security-First Technical Depth: Strong, hands-on understanding of modern security operations, including alert lifecycle management, incident response fundamentals, threat triage, and operational security controls.

Broad Infrastructure Fundamentals: Deep working knowledge of Windows/M365 and networking fundamentals (identity, endpoint, email, and connectivity troubleshooting) to confidently guide remediation and escalation decisions.

Tooling Competence: Experience operating and improving security tooling such as EDR/XDR, SIEM/logging, email security, security awareness, DNS filtering, and firewall ecosystems. (CrowdStrike and Palo Alto experience strongly preferred.)

POC / Evaluation Capability: Demonstrated ability to evaluate tools and solutions objectively—define success criteria, run structured testing, and make rollout recommendations tied to operational outcomes.

Training Leadership: Demonstrated experience building team training plans and driving certification completion/partner enablement.

Service Desk Systems: Experience implementing or improving service desk workflows/automation (Zoho Desk preferred; ServiceNow/Jira Service Management/Freshservice/Zendesk acceptable equivalents).

Communication: Excellent written and spoken English for high-stakes customer calls, incident briefings, and daily coordination with US leadership.

Operational Authority: Calm, decisive leadership under pressure; comfortable enforcing standards and holding teams accountable. ITIL-style service management experience is a plus.

Shift Flexibility: The primary shift is 4:00 PM – 1:00 AM IST; occasional flexibility is required for major incidents, customer escalation calls, or operational reviews.

Tools & Platforms (partial)

Security & Identity: CrowdStrike (EDR/XDR), ThreatMate, FortiMail, KnowBe4, DNSFilter

Infrastructure & Networking: Palo Alto Firewalls, Cisco Meraki (Switches/APs), Datto RMM

Data Protection: Rubrik (On-Prem & SaaS)

Service Management: Zoho Desk

What Success Looks Like

Operational Control: Coverage runs smoothly with clean handoffs, clear ownership, and minimal backlog aging.

Incident Excellence: Faster, more consistent response with stronger evidence capture, clearer customer communications, and higher-quality escalation packets.

Tech Stack Progress: A repeatable POC process is in place, and the security stack steadily improves (measurable noise reduction, better detection/coverage, and more automation).

Team Readiness: Role-based learning paths are implemented; certification tracking is active; partner training is completed on schedule; customer interactions reflect U.S.-aligned expectations.

Weekly Cadence: A weekly operating cadence exists (KPIs, backlog review, PIR actions tracked to completion)