Incident Response Technical Lead


Date: May 7, 2025

Location: Pune, IN

Company: AkzoNobel

About AkzoNobel

Since 1792, we’ve been supplying the innovative paints and coatings that help to color people’s lives and protect what matters most. Our world-class portfolio of brands – including Dulux, International, Sikkens and Interpon – is trusted by customers around the globe. We’re active in more than 150 countries and use our expertise to sustain and enhance the fabric of everyday life. Because we believe every surface is an opportunity. It’s what you’d expect from a pioneering and long-established paints company that’s dedicated to providing sustainable solutions and preserving the best of what we have today – while creating an even better tomorrow. Let’s paint the future together.

For more information please visit www.akzonobel.com

© 2024 Akzo Nobel N.V. All rights reserved.

Job Purpose

Cyber security is a top priority for AkzoNobel, as for any global organization operating in cyberspace. Our objective is to protect our information and digital assets (IT and OT) by reducing our cyber risk exposure to pursue our business objectives.

As part of the new cyber security strategy, supported by the ExCo, we have recently redefined our security governance in line with the evolution of the threat landscape and modern best practices. In this regard, the new Information Security function, under the responsibility of the CISO and part of IT, is responsible for information and cyber security for the entire organization, covering Cyber Risk Management & Compliance, Security Architecture, Security Operations and Cyber Security Awareness and Training.

We are looking for a seasoned and proactive Vulnerability Management Technical Lead to join our Cybersecurity Operations team. This role will be responsible for overseeing all technical aspects of security incident and alert management across the organization. You will serve as the central operational point of reference for incident detection, investigation, containment, and resolution activities and bring deep technical expertise and strong leadership capabilities to ensure the continuous identification, assessment, and remediation of vulnerabilities. You will work with modern tools and technologies, maintain visibility into the organization's risk exposure, and deliver meaningful metrics to support security decisions.

Key Activities

Provide technical and operational leadership for incident and alert management processes, ensuring day-to-day activities are executed effectively, without operational gaps.

Deliver a real-time operational view and strategic (macro) oversight of the organization’s security posture, enabling data-driven decision-making through well-defined KPIs and KRIs.

Act as the lead investigator for major or complex incidents, collaborating with internal and external stakeholders as needed.

Ensure regular activities such as alert triage, incident response, threat hunting, and reporting are performed consistently and on schedule.

Prepare and present clear, concise, and data-backed reports on incident response metrics, trends, and security event outcomes to management and leadership.

Foster a supportive, collaborative, and high-performing environment, mentoring team members and ensuring clarity of roles, timely guidance, and knowledge sharing.

Lead maturity assessments of the SOC IR capabilities using recognized industry frameworks (e.g., MITRE ATT&CK, CMMI), and define tangible improvement paths.

Serve as a key contributor to the evolution of automation and orchestration in incident management using Microsoft Sentinel and Logic Apps.

Continuously evaluate and improve detection and response workflows across multiple security technologies and domains.

These key responsibilities are paired with key technologies (and linked skills) that are used in the company environment:

  • Microsoft Defender Suite (Endpoint, Identity, Office, Cloud Apps)
  • Zscaler Technologies, including ZIA and ZPA
  • Microsoft Sentinel and Azure Logic Apps (automation and orchestration)
  • Nozomi (OT/IoT network visibility and threat detection)

Familiarity with API integrations, automation scripting (PowerShell, KQL), and incident enrichment techniques is highly desirable.

Experience

  • 5+ years of hands-on experience in incident response, SOC operations, or threat detection roles within large and complex environments.
  • Demonstrated experience leading incident response efforts in real-world scenarios, including root cause analysis, containment, and lessons learned processes.
  • Strong understanding of enterprise security architecture, endpoint and network detection tools, and alerting pipelines.
  • Solid experience with Microsoft security technologies, especially Microsoft Defender XDR and Sentinel.
  • Practical knowledge of SOC automation practices using tools such as Logic Apps, playbooks, or SOAR platforms.
  • Excellent communication and reporting skills, capable of presenting technical content to both technical and executive audiences.
  • Demonstrated ability to work collaboratively, make sound decisions under pressure, and coordinate across teams during high-impact security events.
  • Strong knowledge of incident handling frameworks, playbook development, and SOC maturity models.
  • Certifications in incident response, such as GCIH, GCFA, GCIA, or similar.
  • General blue team certifications such as SC-200, AZ-500.
  • Experience in operationalizing threat intelligence and aligning detection strategies to frameworks such as MITRE ATT&CK.
  • Prior experience assessing and improving SOC performance against frameworks like NIST, MITRE D3FEND, or CMMI.

At AkzoNobel we are highly committed to ensuring an inclusive and respectful workplace where all employees can be their best selves. We strive to embrace diversity in a context of tolerance. Our talent acquisition process plays an integral part in this journey, setting the foundations for a diverse environment. For this reason we train and educate on the implications of our unconscious bias so that our TA and hiring managers are mindful of them and take corrective action when applicable. In our organization, all qualified applicants receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age or disability.

Requisition ID: 46483 
