Sr. Manager - SOC

Summary:

Manage the SOC operation which include SIEM, SOAR, UEBA, NBAD, Threat Hunting, EDR and Anti-APT.

Implement the Cyber Security Policy and Cyber Security Crises Management Plan.

Responsibilities:

1. Lead the captive NGSOC Operations in IFTAS.

2. Provide on-going guidance to Analyst and Manager.

3. Implement standardization in SOC and Cybersecurity practices as per NIST Cyber security framework practices.

4. Perform the review of overall SOC environment, ensure corrective actions are implemented.

5. Ensure SLA compliance are meet for SOC operation.

6. Ensure that log sources (IFTAS inventory) with required logging level are configured in SOC.

7. Review SOC reports, SOC KPI metrics, and create presentations for the Management.

8. Monitor unauthorised changes and misuse of Privilege Account.

9. Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

10. Write and publish reports on cyber defense techniques and incident findings.

11. Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber incidents.

12. Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).

13. Develop a plan to investigate alleged crime, violation, or suspicious activity utilizing computers and the Internet.

14. Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals).

15. Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.

16. Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.

17. Understand, recognise, and act on crisis situations and utilise the team to lower the impact of any cyber incident.

Education:

1) Graduate - Any stream

2) Security Certifications CISSP, CRISC, CISM, CompTIA Security+, etc.

Experience:

Candidate must have 12+ years of total experience with 6-10 years of relevant experience.

Knowledge:

Cyber Security Incident Management

SOC Operations

Security Architecture

Skills:

SOC Manager

Security Operation

CCMP