SOC Manager

Paytm
Noida | 3-6 LPA | Posted 28 Apr 2025
FULL TIME
Soc
Incident Response
Threat Hunting
Troubleshooting
Security Monitoring

Job Description

  • Creation of supporting SOPs in line with policy requirements.
  • Integration of all new devices (on-premise and AWS cloud) with SIEM.
  • Experience in threat hunting, red teaming, and cyber drills.
  • Monitoring the status of device integration and supporting teams to restore integrations quickly in case of any breakage.
  • Support teams for defining SOPs and performing triage.
  • Ensuring the functioning of the SIEM tool and related processes as per the mentioned requirements.
  • Reporting computer security events in accordance with established processes and procedures.
  • Coordinate with system owners and other departments (IDC/NOC/TOPS/Enterprise IT) as needed to analyze events and drive necessary requirements for closure.
  • Support ongoing analysis and response of computer security incidents by SOC (Monitoring) Team.
  • Creation of new use cases/reports as per business requirements.
  • Creation of new use-cases specific to the banking environment.
  • Creation of new dashboards in the SIEM console as per requirements.
  • SIEM tickets closure.
  • Drive key security operations responsibilities (e.g., secure code review, configuration review).

Experience / Job Competencies / Success Factors:

  • 10+ years of technical experience working in a SOC or incident response, preferably with BFSI sector experience, especially in banking.
  • Experience with one or more Security Information and Event Management (SIEM) solutions, especially with Dnif.
  • In-depth understanding of security threats, threat attack methods, and the current threat environment.
  • Experience in security monitoring, Incident Response (IR), security tools configuration, and security remediation.
  • Excellent troubleshooting and analytical skills with the ability to articulate and propose security solutions in business terms.
  • Ability to multitask in a fast-paced environment.
  • Provide support for audit and compliance requirements within defined timelines.
  • Must be comfortable working in a fast-paced environment with tight deadlines and changing priorities.
  • Understanding of network protocols, network capture/analysis tools such as Wireshark.
  • Understanding of Linux and Windows operating systems and OS event logging.
  • Experience working with AWS environments.
  • Comfortable working with different security solutions in a diverse IT infrastructure environment, including: FireEye network APT, Palo Alto Firewalls, F5 WAF, TrendMicro HIPS, CyberArk PIM, Qualys Vulnerability Scanner, TrendMicro Endpoint security suite and APT, and Smokescreen honeypots.
  • Experience in developing production SIEM use cases.
  • Ability to work non-core hours (swing or night shift) if necessary.
  • Certifications: Security+, CEH, CISSP, SANS courses in Incident Response and Digital Forensics.