SOC Incident Handling Manager
Posted on Aug 23, 2019 by Request Technology
A prestigious company is on the search for a SOC Center Incident Handling Manager. This individual will be managing the SOC center incident handling, incident response, and forensics teams. They will mentoring, doing capacity management, performance management, and incident review. They are looking for someone with 10+ years of incident handling and incident response experience. This role will be working on vulnerabilities management and will lead investigations and direct incident handlers. This person needs advanced log parsing and analysis skills.
- Provide day-to-day oversight for incident handling, incident response, and forensic teams.
- Review all incidents and participate in all shift turnover meetings.
- Lead weekly incident review meetings with L2 and L3 incident handlers.
- Manage relationship with MSSP vendor and ensure that SLAs are being met.
- Responsible for overall ownership of all incident handling, incident response, and forensics playbooks, procedures, and workflows.
- Participate in weekly IH/IR and SIEM engineering calls to drive down false positives of SIEM content.
- Serve as a subject matter expert as it pertains to the incident handling and incident response processes.
- The ideal candidate will have 10+ years incident handling and incident response experience.
- They should have technical knowledge of network security, operating system security, vulnerability management, common attacker techniques and exploits, encryption, and SIEM.
- They should know how to lead investigations and direct incident handlers and question the investigative process being followed.
- They should have experience in writing both technical incident investigation reports as well as reports for senior leadership.
- They should have experience in managing teams of 8 or more people and providing mentorship.
- Advanced log parsing and analysis skill sets
- Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
- Moderate knowledge of Windows, Unix/Linux, and Mac operating systems
- Moderate knowledge of SIEM technologies and use case design
- Moderate knowledge of malware operations and indicators
- Moderate knowledge of network defenses such as Firewalls, IDS/IPS, Packet Capture, Proxies
- Moderate experience with Scripting
- Knowledge of forensic techniques
- Knowledge of audit requirements (PCI, HIPPA, SOX, etc.)
Security Certifications Preferred (Including but not limited to the following):
- Certified Information Systems Security Professional (CISSP)
- Certified Incident Handler (GCIH)
- Certified Intrusion Analyst (GIAC)
- Certified Ethical hacker (CEH)
- Certified Expert penetration tester (CEPT)
- Networking Certifications (CCNA, etc.)
- Platform Certifications (Microsoft, Linux, Solaris, etc.)