Tech Stack

Description

You will lead the buildout of 66degrees' internal SecOps function, managing security monitoring, incident response, and compliance frameworks across a global workforce. Your work will directly protect our systems and client data while enabling rapid business growth.

Requirements

• 8-12+ years progressive experience in Information Security, IT Security, or Security Operations.
• At least 2-3 years in a team lead or management capacity.
• Deep technical understanding of Google Workspace admin and security, and cloud infrastructure security (GCP).
• Hands-on experience with EDR (CrowdStrike, SentinelOne), SIEM (Splunk, Google SecOps), and IAM (Rippling, Okta, GCP, Entra, Azure, AWS, GWS).
• Experience operating within compliant environments and supporting SOC 2 Type II or ISO 27001 audits.
• Experience setting up and managing a GRC platform (e.g., Drata, Ostendio).
• Proficiency in scripting (Python, PowerShell, Bash, or Google Apps Script).
• Excellent English communication skills, ability to bridge time zones and cultural nuances managing remote/offshore resources.

Responsibilities

• Build, own and manage daily operations of the security toolset (SIEM, EDR/ XDR, Email Security, Cloud Security, Endpoint Security, Posture Management).
• Serve as primary incident lead for security events; investigate, contain, remediate alerts, and lead post-incident post-mortems.
• Develop and maintain security playbooks and SOPs for securing and hardening solutions in the tech stack.
• Conduct continuous vulnerability scanning and coordinate patching/remediation cycles across endpoints, networks, and cloud environments (GCP, Azure, AWS).
• Partner to operationalize, enforce, and refine Zero Trust, Device Trust, Browser Trust, and IAM policies.
• Monitor, harden, and secure core business applications (Google Workspace, GCP, Slack, Salesforce, Rippling).
• Act as security SME and escalation point for IT Service Desk team in India and global teams.
• Train and upskill global teams on Tier 1 security triage.
• Foster security awareness through employee training and simulated phishing campaigns.
• Lead technical GRC buildout (Drata), Trust Center (SafeBase), evidence gathering, and control enforcement for SOC 2, ISO 27001.
• Assist go-to-market and legal teams with client security questionnaires and vendor risk assessments.
• Track and report on SecOps metrics (Time to Detect/Respond, patch compliance).