SOC Manager will be responsible for leading and managing 24x7 Security Operations Centre ensuring compliance to policies, process adherence, and process improvi ion to achieve operational objectives of incident identification, assessment, quantification, reporting, communication, mitigation, and itoring security events.
Key requirements:
-
Manage and Lead SOC operations, security incidents, investigations, threat detection preventions
-
Implement and operationalise CSIRT, SOAR, SIEM, DLP, Network itoring, Forensic tools etc.
-
Ensure key information security incidents and issues are identified, addressed and resolved in a timely manner.
-
Responsibility for handling critical security incident response tasks to minimize impact and developing Security Incident Response Plan and runbooks for effective incident management
-
Assist root cause analysis, identify information security weakness, develop corrective actions and risk management input as needed.
-
Vali , verify and report protective or countermeasure solutions, both technical and administrative
-
Provision of Critical Incident Response Report and lessons learned to key stakeholders.
-
Remain current on developments affecting information risk and advise department management
-
Acquire artifacts from a client or server during an investigation using different tools
-
Assess efficacy of security controls, document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
-
Develop relevant metrics, analyze data, identify trends and help drive improvements to the control environment
-
Recommend security itoring or device tuning to reduce false positive detections
-
Build and run various phishing, vishing, smishing & other security awareness campaigns
-
Must have experience working on following technologies: Endpoint detection and response, PowerShell, anti-virus, email security, Linux, DLP, eption tools, cloud platform security
-
Implement SOC Automation and mature operations excellence
Knowledge:
-
Familiarity with the Dev Sec Ops lifecycle, technology systems and platform (Cloud - AWS, Windows and Linux) would be beneficial
-
Well versed with well-known security frameworks such as ISO 27001: / NIST CSF / PCI DSS / ISO 22301 / STRIDE / MITRE etc.
-
Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols
-
Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, etc.
-
Information systems auditing, itoring, controlling, and assessment process
-
Incident response management
-
Risk assessment and management methodology
Skills:
-
Strong security mindset
-
Strong hands-on experience of the security technologies such as SIEM, APT threats, VA/PT, Malware analysis, Forensics, Incident response tools, DLP, NGAV, EDR, CASB, PIM/PAM, Firewall, Proxy, Email security, Cloud Security, WAF etc.
-
Developing and implementing enterprise SOC, Blue team and Read teams with incident response, forensics, threat haunting strategy and solutions
-
Questions status quo and navigates through roadblocks
-
Security project management and planning
-
Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions
-
Using judgment and ingenuity in maintaining objectives and technical standards
Qualification:
-
Bachelors in relevant fields i.eputer science, cyber security etc.
-
Strong knowledge of incident management, problem management, and change management best practices.
-
Relevant industry certification such as Certified SOC Analyst (CSA /CEH/ CCNA / SANS GSOC /GIAC/GCFA etc. (at least two) is highly desirable.
-
Superior communication skills and ability to brief senior management.
-
Overall 12+ years of Information Security / Cybersecurity experience.
-
Expertise with industry-standard frameworks (ISO, NIST, GDPR, PCI).
-
Experience maintaining metrics and SLAs.
