Company: ITC Infotech
Location: Bengaluru, Karnataka, India
LinkedIn post

Hi, please find below the job description for SOC Lead; work location: Bangalore.

If interested please send your profile to manikandan.g@itcinfotech.com

Looking only for short joiners who can join within 15 days. Mention your current CTC, expected CTC and notice period.


SOC Lead (Job Description):

The SOC Lead will be responsible for the overall operations of the Security Operations Centre. The SOC continuously monitors and analyzes security threats, defends against potential security breaches, and actively isolates and mitigates security risks. You will lead a 24x7 Security Operations Centre (SOC) team.


Job Responsibilities

  • Overall responsibility for security operations, including incident response.
  • Responsible for team and vendor management, overall use of resources, and initiation of corrective action where required for the Security Operations Centre.
  • Provide leadership for SOC operations.
  • Collaborate and follow up with internal and external teams on the response to and remediation of incidents.
  • Provide leadership and oversight for SOC operations.
  • Proactively identify and mitigate cyber security threats.
  • Threat intelligence and the integration of threat feeds.
  • Develop and maintain SOC-related security procedures, including incident response.
  • Responsible for developing SOC metrics, reports, dashboards, and presentations to management. Responsible for continuous improvement plans.
  • Support internal and external audits.
  • Lead and participate in emergency SOC calls raised by 24x7 SOC monitoring.
  • Respond to incidents by collecting, analyzing, and preserving digital evidence to assist Incident Responders in the remediation of critical information security incidents.
  • Proactively mitigate cyber security risks and strengthen the attack detection and response processes.
  • Improve and challenge existing processes and procedures in an agile and fast-moving information security environment.
  • Threat hunting.
  • Perform threat management and threat modeling, identify threat vectors, and develop use cases for security monitoring.
  • Responsible for the integration of standard and non-standard logs with SOC platforms and tools.
  • Manage and support log collection, security scanning, intrusion detection, proxy, mail gateway and other security technologies.
  • Malware analysis.
  • Review and triage security alerts, provide analysis, suggest remediation, and track remediation.
  • Support the resolution of security incidents.
  • Investigate and respond to security incidents.
  • Monitor networks and systems for potential threats.
  • Knowledge of network data flows, ports, protocols, and other network and application services/technologies.
  • Respond to alerts from the various monitoring/detection systems and platforms within defined SLAs.
  • Current knowledge of security threat intelligence and recent attack vectors.
  • Strong forensic analysis skills.
  • Mentor and train team members.
  • Knowledge of ITIL processes.


Minimum Qualification & Background:

  • 8-10 years of information security experience, with a minimum of 3 years as a SOC Manager or Lead in a large 24x7 Security Operations Centre (SOC).
  • Implementation knowledge of SIEM technologies (IBM/HP/LogRhythm/Splunk/Sentinel), vulnerability management tools (NESSUS/Qualys), EDR, SOAR, etc.
  • Ability to write technical documentation and present technical briefings to diverse audiences.
  • Strong understanding of the threat landscape in terms of the tools, tactics, and techniques of threats employing both commodity and custom malware.
  • Knowledge of the information security life cycle, policies, processes, and standards.
  • A relevant security certification will be a plus.
  • Knowledge of AWS, Azure and GCP.
  • Knowledge of current security threats, techniques, and landscape.
  • Experience reviewing and triaging security events and incidents with Endpoint Detection and Response (EDR) tools.
  • Experience and knowledge related to the configuration and maintenance of security monitoring and reporting platforms.
  • Ability to conduct detailed analysis of various security-related events such as phishing, spoofing, ransomware and SQL injection.
  • Incident response experience (identifying, investigating, and responding to complex attacks).
  • Experience with threat hunting.