Manager - Security Operations Center - SOC
Posted on Nov 15, 2018 by Request Technology - Robyn Honquest
Looking for a candidate who can manage a team of more than six people covering 24/7 SOC support. Must be hands-on and very technical. You will be supporting network security and data protection, firewalls, log management, updates and changes, a cloud-based SIEM, and endpoint security. Level 1 support is outsourced, so you will need to manage that vendor.
Key responsibilities of our SOC today include Level 2 incident handling, incident investigations, incident response and management, reporting and analytics, legal investigation support (as it pertains to security incidents), breach or insider-threat management, and firewall change requests (though we've recently hired a contractor to assume this responsibility until I can offload it to another team).
- Supervise and participate in day-to-day information security operations, including monitoring, analysis, detection and escalation of security risks and threats to Company systems and business
- Coordinate the information security incident response team, and serve as the Company point of contact for information security operational requests
- Provide overall direction during execution of the incident response process: perform advanced analysis, facilitate appropriate escalations, and serve as the conduit for event communications to management
- Direct the completion of post-mortem analysis, document findings, and provide recommendations to the appropriate security and infrastructure teams for corrective action
- Coordinate operational tasks from request to execution, including providing hands-and-feet support for the external vendor
- Oversee the vendor who provides Managed Security Services
- Ensure security monitoring and incident response systems (e.g. the SIEM) are maintained in a state of readiness
- Manage and monitor enterprise endpoint and perimeter protection (anti-virus/anti-malware, client firewalls, Internet and DMZ firewalls, intrusion detection, etc.)
- Manage vulnerability scanning and reporting
- Maintain relationships with technology vendors supported by SOC
- Oversee and maintain relationship with external incident response vendor
- Provide operational metrics
- Build strong working relationships with other IT teams (Client Platform Support, Mobile, Server, Network, Software Delivery) to deliver security tasks
- Champion continuous improvement within the SOC, identifying automation opportunities and tools that could improve the team's ability to detect and react to events
- Direct the creation and upkeep of Security Operations SOPs
Preferred Education & Experience:
- Five (5) years of technical experience in a security-related field
- Strong analytical and problem-solving skills, with the ability to synthesize big-picture and detailed technical issues rapidly and accurately. Ability to multi-task, effectively prioritizing and executing tasks in a high-pressure environment.
- Ability to communicate situation reports to both highly technical and non-technical individuals so that each has a clear understanding of the situation, the impact and next steps.
- CISSP (or CISM), ITIL, and GCIH or other GIAC certifications recommended
- Has led a security team of 3 or more individuals for at least 3 years
- Demonstrated ability to motivate, mentor, coach and lead technical teams
- Strong continuous-improvement, problem-solving and mentoring skills
- Strong verbal and written communication, facilitation, and interpersonal skills