Manager - Security Operations Centre

This role is part of the Information Security Team, Engineering division of Zeta. The Security Operations Manager is responsible for creating the Security Operations Center (SOC) environment, coming up with project roadmap, setting processes in place, creating incident response plans, analyzing alerts, creating dashboards, collecting threat intelligence etc Guide Developers and DevOps teams about new threats and help harden infrastructure and applications from various attacks as needed. The objective is to make zeta applications and infrastructure secure.

As Security Operations Center Manager of the Information Security sub-division, you will be responsible for identifying attacks against Zeta s infrastructure and applications. You will be working in a techno-managerial role, leading a team and reporting to the manager.

Responsibilities

• Guide the organizations detection and response initiatives
• Understand adversarial tradecraft along with tactics, techniques and procedures (TTPs)
• Assess gaps, tools to improve security operations and incident response
• Act as a intrusion detection and response expert and technical champion within Zeta
• Provide support in detection, response, mitigation of cyber security incidents
• Perform detailed investigation in order to identify root cause for critical issues
• Prepare and present reports of incidents and ways to limit recurrence
• Oversee the planning and coordination of security operations during high-risk events.
• Experience working in SOC/TI mainly involving cloud services, GCP and AWS (preferably) and web applications
• Hiring decisions, hiring process definition, and continuous improvements.
• Broad knowledge of security domain with an understanding of logs and event processing, incident management, detection, response and tool development
• Utilizing a security information and event management (SIEM) platform for visibility and detection of live intrusions and to triage alarms in real-time.
• Perform review and validation of all deliverables for SOC, IR, Threat Intelligence, Threat Hunting and other SOC activities.
• Ensure timely and accurate reporting to Zeta board, CERT-In, Auditors etc
• Hands on experience in intrusion detection, security investigations and incident response
• Experience in threat hunting using threat intelligence to investigate potential risks and finding suspicious behaviour
• Continuous improvement of SOC platform (SIEM Admin) through enhancements, tool addition, project planning etc
• Guide SOC Team, maintain SOC personnel shift schedules
• Catch, investigate, and remediate security incidents.
• Ensure Service Level Agreements (SLAs), of projects progress, risks, issues, and proposed resolutions.
• Development of incident response plans and SOPs
• Automation, Reporting and Compliance

Skills

• Deep understanding of Cloud Environments like AWS, Azure etc
• Deep understanding of Managed and vanilla Kubernetes clusters and working of dockers, containers and helm charts
• Hands on experience in intrusion detection, security investigations and incident response
• Experience in threat hunting using threat intelligence to investigate potential risks and finding suspicious behavior
• Design, create, deliver, and support the deployment of Python/Ansible/Terraform automation as required for ELK/EFK/AWS-OpenSearch and other technology stack
• Perform review and validation of all deliverables for SOC, IR, Threat Intelligence, Threat Hunting and other customer assigned activities.
• Develop policies, instruction, standards, and procedures around security operation functions.
• Provide Metrics and Artifacts supporting audit activities.
• Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring.
• Understanding of network protocol, TCP/IP stack, and working knowledge of tools like Wireshark, tcpdump etc
• Strong data analysis skills; ability to independently write scripts/code to parse and analyze complex data.
• Practical experience with deployment and/or operation of commonly used information security solutions Like Cloudflare, Splunk, CloudTrail, etc
• Understanding and familiarity with existing TTP frameworks like MITRE ATTCK, Cyber Kill Chain etc
• Must have worked in ELK/EFK/AWS-OpenSearch implementation project, and Logstash data parsing rules.
• Experience in ELK/EFK/AWS-OpenSearch stack or other logging / stats / visualization tools like Grafana, Prometheus etc
• Threat intelligence like OSINT, MISP etc
• Experience in databases, Linux/Unix environment, software development, and/or experience with distributed systems.
• Familiarity with Java Log4j framework, syslogs, nginx/apache logs is a plus.
• Expertise in Log monitoring tools like Splunk, ELK/EFK/AWS-OpenSearch, SumLogic, Loggly, Arcsight etc
• Knowledge of malware analysis.
• Understanding of CI/CD, Jenkins
• In-depth understanding of production operations on public cloud infrastructure
• AWS/Azure (VPC/Vnet, S3 buckets, blob stores, LoadBalancers etc), Dockers Containers, Kubernetes
• Certifications like OSCP, OSEE, CISSP, SANS CTI etc

Experience and Qualifications

• 9 to 13 years of overall experience as Security Operations engineer in medium to large-size product companies.
• Bachelor of Technology (BE/ B.Tech ), M.Tech/ME in Computer Science or equivalent

Role:

Industry Type:

Department:

Employment Type:

Role Category:

Education

UG:

PG: