SOC CW n Dev Lead

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

Key Responsibilities

AI & GenAI Integration

• Design and implement AI/ML models for threat detection, behavioural analytics, and anomaly detection using Microsoft Sentinel, Azure ML, and Kyndryl Bridge.
• Integrate Generative AI into SOC workflows for predictive threat modelling, incident summarization, automated RCA generation, and knowledge-driven response recommendations.
• Lead the development of agentic AI systems capable of autonomous decision-making and response orchestration under governed SOC protocols.
• Embed GenAI-powered conversational analytics and predictive insights into executive dashboards for proactive threat visibility and decision-making.

• Architect, design, and maintain automation playbooks in Azure Logic Apps and Microsoft Sentinel SOAR to streamline incident triage, enrichment, containment, and remediation.
• Collaborate with SOAR developers, content engineers, and threat detection teams to ensure automation components are modular, reusable, and scalable.
• Define and enforce development standards for SOC automation-covering playbook structure, documentation, versioning, and testing.
• Ensure seamless integration with third-party security tools, ITSM systems, and cloud-native services.

• Oversee the design of Power BI dashboards for real-time SOC visibility, automation performance metrics, and executive-level SLA reporting.
• Define and monitor automation-linked KPIs such as:
  
  
  • Mean Time to Respond (MTTR) reduction
  • Ticket volume reduction
  • Manual intervention percentage
  • RCA turnaround time
  • SLA compliance improvement
• Embed AI/GenAI-driven analytics layers into dashboards to enable adaptive risk visualization and predictive forecasting.

• Participate in SOC governance forums to align AI/automation initiatives with business objectives, regulatory mandates, and compliance frameworks (e.g., ISO 27001, SOC 2, GDPR).
• Establish Responsible AI practices ensuring fairness, transparency, explainability, and human oversight in automated decision-making.
• Maintain audit trails, version controls, and documentation for all AI and automation deployments.

• Work closely with SOC Analysts, Threat Intelligence, Platform Engineering, and Cloud Security teams to ensure automation aligns with operational and security needs.
• Mentor junior developers and automation engineers on best practices in AI, scripting, and SOAR development.
• Partner with OEMs and product vendors (Microsoft, Kyndryl, etc.) for roadmap alignment, feature optimization, and performance tuning.
• Lead Continual Service Improvement (CSI) initiatives focused on innovation and operational excellence across global SOC functions.

• 8+ years of experience in SOC Operations, Automation, or Security Engineering, with at least 3 years in a lead role.
• Strong expertise in:
  
  
  • Microsoft Sentinel (SOAR, Logic Apps, KQL, custom connectors)
  • Azure Logic Apps and automation frameworks
  • AI/ML model deployment for SOC analytics and anomaly detection
  • PowerShell, Python, or C# scripting for custom automation
  • GenAI integration using Azure OpenAI, Microsoft Copilot, or similar platforms
  • Kyndryl Bridge or equivalent hybrid orchestration tools
• Deep understanding of SOC processes, threat lifecycle, and ITSM/SIEM/SOAR integration.
• Proven experience in developing and managing automation KPIs linked to SLA and operational efficiency.
• Exposure to Power BI, data modelling, and executive reporting frameworks.
• Strong analytical and problem-solving capabilities with a focus on innovation and scalability.

• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• Microsoft Certified: Azure AI Engineer Associate (AI-102)
• Microsoft Certified: DevOps Engineer Expert (AZ-400)
• ITIL v4 Foundation
• Certified SOC Analyst (CSA) or GIAC Certified Automation Professional (GCAP) - Preferred