Security Operations Centre (SOC) - Information Security

• Align with the SOC maturity roadmap and assign priorities for implementation.
• Driving creating use cases for new scenarios and/or fine tuning the existing scenarios.
• Help create play books in SOAR for various use cases that Tier 1/Tier 2 teams.
• Provide overall direction for the SOC function and input to the overall cyber defense strategy.
• Collaborate and create synergies within the cyber team and wider IT function.
• Ensure SOC function is delivering the core monitoring, threat detection and response activities adhering to the defined SLAs and SOPs.
• Help drive upskilling of existing SOC team members in new cybersecurity technologies.
• Continuously monitor the effectiveness of incident detection and response solution and provide improvement inputs to SOC Architecture and Engineering teams.
• Measure and mature the SOC service SLAs/KPIs from time to time.
• Continuously work with technology teams to integrate new feeds into SIEM.
• Broad knowledge of cybersecurity functions beyond traditional SOC operations (e.g. vulnerability management, application security, penetration testing, data protection, identity and privileged access).
• Working knowledge of incident ticketing platforms
• Should possess hands on experience of security Information Event Monitoring (SIEM) platforms, Endpoint Detection and Response (EDR) platforms, Network Security Monitoring (NSM)/Network Detection and Response (NDR) platforms and other leading tools and technologies of Cyber Defence domain.
• Working knowledge of security alert triage and analysis methods (e.g., use of correlations, behaviors, and patterns, pivoting, enriching alert data and providing remediation recommendations)
• Experience with threat hunting and threat hunting methodologies
• Experience with cybersecurity incident response coordination and methods
• Experience integrating cyber threat intelligence with security monitoring processes and threat hunting
• Knowledge of detection rule logic management (e.g., creation, tuning and management methods)
• Knowledge of cybersecurity frameworks (e.g., Mitre ATT&CK, VERIS, Cyber Kill Chain, Diamond Model, and other frameworks)
• Knowledge of cloud infrastructures and cloud security monitoring (Azure, AWS, and GCP)
• Knowledge of network communication concepts including ports, protocols, and encryption
• Plan, direct and control the SOC functions and operation
• Ensure the monitoring and analysis of incidents to protect People, Technology and Process addressing all security incidents and ensuring timely escalation.
• Direct the Cyber Intelligence capability to identify potential threats delivering strategic reports and strategies to minimise the impact of the threat.
• Ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
• Ensuring compliance to policy, process, and procedure adherence and process improvisation to achieve operational objectives
• Revising and develop processes to strengthen the current Security Operations Framework, Review policies and highlight the challenges in managing SLAs
• Responsible for overall use of resources and initiation of corrective action where required for Security Operations Center
• Ensuring threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
• Creation of reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
• Co-ordination with stakeholders, build and maintain positive working relationships with them
• Be a thought leader in security engineering and operations delivery - driving automation, analytics, and advanced threat analysis.
• Oversee technical delivery, assessing and continually improving output and ensuring processes are developed and adhered to drive operational excellence.
• Benchmark, analyze, report on, and make recommendations for the improvement and growth of the Next Generation infrastructure and systems.
• Participate in quarterly business reviews with vendors and customers.
• Manage the deployment, monitoring, maintenance, development, upgrade, and support of all Client managed systems, operating systems, hardware, and software.
• Keep current with the latest vendor updates, expansion opportunities, and technology directions, utilized in the Clients environment.
• Collaborate and consult with other Group Managers on the overall advancement of the Emerging Services organization and Optiv in general.
• Establish operational foundations, defining metrics and KPIs to drive governance, quality, and efficiency. Influence and improve existing processes through innovation and operational change.
• Manage staffing, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions.
• Develop and maintain an educational environment where the knowledge and performance of the group is constantly advancing.
• Perform annual staff appraisals.
• Develop and mentor staff through open communication, training and development opportunities, and performance management processes; build and maintain employee morale and motivation.
• Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.
• Drive the implementation of emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
• Implement standards and procedures to ensure alerts are addressed with relevancy, accuracy and in a timely manner
• Operate autonomously to further investigate and escalate in accordance with policies, procedures and defined processes

Educational Qualification

• Engineering graduate from Computer Science, IT, Telecommunication or a similar discipline
• Post-Graduation: PGDIT, MCA, MBA

Key Skills

• Certification like CISSP, CISA or CISM
• Ability to handle senior management escalation.
• Vendor management Skills
• Effective communication
• Proficient team leader
• Strategic skills
• Decision making and communication.
• Risk management skills
• Knowledge of latest cyber security trends & global industry best practices pertaining to financial Industry
• Technical working knowledge, understanding of SIEM technology, various other security technology (EDR, NDR, HIPS, WAF, IDS, IPS, Firewall, Networking) etc.

Experience

• Overall 12 - 15 year on experience in Information/Cyber Security experience working in a SIEM tool (Next-Gen SIEM, UEBA, etc.) with strong background in security incident monitoring, response, and operations.
• Experience in managing 24x7 Cyber Security Operations Center (CSOC) for 5+ years managing teams from Leadership level primarily involved in Cyber Defense
• Experience in managing 20+ members team which may include vendor teams.
• Certification like SANS, OSCP/OSCE and CREST will be added advantage (CEH, Security+, OSCP, CISSP or other industry-relevant cyber-security certifications and ITIL V3.0, GIAC (e.g. GCIA, GCFE, GCIH), ISC2 (e.g. CCSP), or EC-COUNCIL (e.g. CEH) preferred. Etc.)