Manoj Kaushik

SOC Manager @ Barracuda | Incident Response ,Threat Mangement & Detection | Leading Global Cybersecurity Operations

India

About

Cybersecurity operations leader with 10+ years of experience in security operations, incident response, and threat management. Proven expertise in building and scaling Security Operations Centers, managing multi-region teams, and driving operational excellence across 24/7 monitoring environments. Currently leading SOC operations at Barracuda, overseeing detection, triage, incident response, and strategic improvements to security posture. Skilled in SIEM, SOAR, and EDR technologies with a track record of implementing process standardization, reducing mean time to response (MTTR), and fostering collaborative, high-performing security teams. What I'm focused on : - Building cohesive, innovative AI SOC teams across time zones and regions - Driving continuous improvement through automation, process optimization, and emerging technologies - Translating security metrics into strategic business value - Developing the next generation of cybersecurity professionals - Ensuring rapid, coordinated response to evolving threats

Experience

  • SOC Manager at Barracuda
    Sep 2024 - Present · 1 yr 11 mos

    - Direct Security Operations Center (SOC) strategy and 24/7 operations, ensuring rapid incident detection, analysis, and coordinated response to security threats and emerging vulnerabilities - Oversee incident triage, escalation procedures, and resolution protocols across global monitoring infrastructure, maintaining incident categorization and priority standards - Manage SIEM and incident orchestration platforms, optimizing detection tuning, reducing false positive rates, and improving security event visibility - Define and track SOC performance KPIs including Mean Time to Detect (MTTD), Mean Time to Response (MTTR), SLA compliance, incident volume trends, and operational efficiency metrics - Develop and refine SOC runbooks, escalation processes, and incident response standards to ensure operational consistency and rapid decision-making - Drive process automation and workflow optimization initiatives to improve operational efficiency, reduce manual workload, and enhance team productivity - Mentor and develop SOC analysts and incident response team members, fostering a culture of continuous learning, technical growth, and professional accountability - Maintain adherence to security standards and compliance requirements; support audit readiness, incident documentation, and regulatory compliance efforts - Collaborate with Threat Intelligence, Vulnerability Management, Detection Engineering, and Risk Management teams to strengthen detection capabilities and response effectiveness - Partner with senior leadership on strategic security initiatives, risk mitigation roadmaps, and continuous improvement planning aligned with enterprise objectives - Conduct post-incident reviews and root cause analyses, identifying systemic improvements and sharing lessons learned across teams and stakeholders

  • Associate SOC Manager at Eviden
    Aug 2022 - Aug 2024 · 2 yrs 1 mo

    - Leading the day-to-day operations of the Security Operations Center (SOC), ensuring timely detection, analysis, and response to security incidents. - Developed and enforced SOPs to streamline SOC processes, enhancing operational efficiency. - Managed responses to security incidents including malware outbreaks, data breaches, and phishing attacks, ensuring swift resolution. - Acted as the primary contact for stakeholders, effectively communicating SOC initiatives and achievements. - Designed and implemented SOC dashboards and reporting mechanisms, improving incident tracking and SLA compliance. - Prepared regular reports on SOC performance and incident trends, aiding senior management in decision-making. - Utilized data analytics and visualization tools to identify trends and areas for improvement within SOC operations. - Drove innovation by identifying opportunities for process automation, tool enhancement, and workflow optimization. - Conducted investigations to identify root causes of security incidents and recommended preventive measures. - Developed and evaluated incident response plans and activities, adapting strategies to mitigate cybersecurity threats. - Conducted post-incident reviews, identifying areas for improvement and implementing corrective actions. - Facilitated tabletop exercises to simulate security scenarios and evaluate incident response plans. - Collaborated with cross-functional teams to ensure timely incident resolution and regulatory compliance. - Mentored junior incident response team members, fostering continuous learning and professional development. - Stayed updated on cybersecurity threats and trends, proactively recommending preventive measures. - Provided regular updates and briefings to stakeholders on the threat landscape and its impact on the organization. - Explored opportunities for automation and innovative technologies to enhance incident response efficiency.

  • Senior SOC Associate at Saxo Bank
    Jan 2020 - Jul 2022 · 2 yrs 7 mos

    - Monitored and analyzed inbound security alerts, emails, and inquiries, ensuring swift and effective response to potential security threats and vulnerabilities - Investigated potential incidents and intrusion attempts, leading comprehensive containment, eradication, system recovery, and post-incident lessons-learned processes - Managed daily handling of phishing emails at scale, executing triage, mail deletion, threat blocking, and user isolation procedures to prevent compromise - Participated in security governance meetings, maintaining meticulous operational details and aligning incident response strategies with organizational security objectives - Monitored and oversaw Security Information and Event Management (SIEM) tools for proactive threat detection, security event analysis, and response coordination - Stayed informed on threat intelligence trends and contributed to threat analysis, assessing potential impacts on organizational assets and operations - Collaborated with third-party security partners to discuss improvement plans, evaluate automated solutions, and enhance detection and response capabilities - Led weekly operational review calls to address completed tasks, prioritize focus areas, and proactively investigate and mitigate Indicators of Compromise (IOCs) and environmental vulnerabilities - Developed expertise in incident severity assessment, escalation decision-making, and threat categorization for rapid organizational response

  • SOC Engineer at Wipro Limited
    Nov 2018 - Dec 2019 · 1 yr 2 mos

    - Monitored client networks, web services, and applications for security anomalies, suspicious activities, and potential threats requiring escalation - Managed incident handling and response utilizing IBM Resilient SOAR automation tool, reducing manual workload and improving response time efficiency - Implemented DNS security monitoring and threat detection using Infoblox tools, detecting domain-based threats and malicious DNS activities - Performed network behavior anomaly detection using Cisco Stealth Watch, identifying suspicious traffic patterns, lateral movement, and potential intrusion indicators - Actively investigated Indicators of Compromise (IOCs) and generated weekly threat reports shared with client security teams for awareness and remediation - Developed automation techniques using Python scripting to improve operational efficiency and reduce repetitive manual tasks - Collaborated with client security teams to improve detection tuning, refine incident response procedures, and enhance threat identification accuracy

  • Cyber Security Consultant at Vodafone
    Jun 2016 - Oct 2018 · 2 yrs 5 mos

    - Monitored and analyzed security logs from diverse appliances (firewalls, IDS/IPS, SIEM systems) and industrial control systems for threat detection - Managed incident triage and reporting for various security alerts triggered by SIEM systems, determining severity and appropriate response procedures - Conducted comprehensive log analysis from firewalls, intrusion detection/prevention systems, and Windows server infrastructure for threat identification - Tracked and reported configuration changes in network devices (routers, switches, firewalls) to maintain baseline configurations and detect unauthorized modifications - Configured SIEM platform filters, active channels, queries, and detection rules in ArcSight for effective threat monitoring and alerting - Prepared daily, weekly, and monthly security reports including incident summaries, trend analysis, and metrics aligned with client requirements - Collaborated with network and infrastructure teams to coordinate incident response and system remediation efforts