Security Operating Centre (SoC) Manager

 

ABC seeks to recruit a Security Operating Centre (SoC) Manager in the Group Cyber and Information Security Department.

The primary role of this position is to support the Group Information Security team in analysing and assessing security events and vulnerabilities in the infrastructure (i.e., software, hardware and networks); analysing and assessing damage to the data or infrastructure as a result of IT incidents; testing for compliance with security policies and standards; implementing, monitoring, and maintaining information security operational processes; and producing reports for the assessment and functioning of information security operations.

The SoC Manager oversees the L1/L2 SoC activities and manages the internal incident response efforts in coordination with the Lad Security Analyst and the GCISO.  In addition, the position provides full and continuous support to the GCISO in IT/security matters, involvement in on-going systems/tools implementations and business projects.  Performs special reviews, investigations, due diligence reviews and other non-routine assignments at the behest of the department head. 

Scope of the Job

Research & Planning:

• Plan, research and design robust log management for any IT project/solution
• Develop threat use cases scenarios to collect events and alert on specific scenarios
• Aligning new security solutions with existing log management needs
• Lead and coordinate assessment of existing and target / implemented log management and monitoring architecture
• Reduce downtime and ensure business continuity of the log management services, including the SoC
• Perform L3 analysis and deals with alerts escalated by the L1-L2 SoC 

Cost, Planning, Project Management:

• Prepare cost estimates and identify integration issues for solutions
• Handle Incident Response retainers and coordinate third party engagements
• Establish meaningful measures & metrics for SoC performance and SLAs monitoring.

 

Engineering:

• Understanding of log generation Security Engineering outputs and able to oversee and incorporate into security planning
• Able to incorporate security measures into the existing, resultant or target architecture
• Carry out vulnerability assessments and penetration tests to assess the resilience of the log collection, alerting and monitoring arrangements.

 

Implementation:

• Coordinate the installation of security solutions and managing the configuration of said solutions
• Identify opportunities to automate processes and activities and coordinating implementation of automation
• Identify gaps in log collection and alerting, and incident response.

 

Testing:

• Coordinate the testing of all SIEM and SoC related security solutions including hardening configurations

 

Training & Knowledge share:

• Expert knowledge in cyber security incident response activities
• Organize and maintain documentation for table-top exercises.

 

Governance:

• Define, implement and maintain corporate procedures
• Monitor issues / remediation activities to ensure gap closure to fulfil security control objectives
• Coordinate with other members of Group IT, Cyber & Information Security, and end-user departments to sustain appropriate technical and procedural controls to support the industry and regulatory mandatory security objectives.

 

Strategies:

• Test and maintain incident response plans and playbooks to address existing and emerging threats
• Help develop and implement the cyber and information security vision, strategy, and annual plan.

 

Product Responsibilities:

• Manage technical relationships with assigned vendors, including driving features and function request for inclusion in future product releases.
• Will be the Product Owner for all audit log collection and alerting solutions

 

Other Duties:

• Reporting findings to management
• Perform ad hoc additional duties as required

 

Job Context

The aim of the security operation centre and incident response team is to identify, analyse and react to cybersecurity events using a set of processes and technology solutions.  The team includes a lead, a manager, an officer and a third party who work together with other security and IT personnel to address potential and actual security incidents.  The team collects audit log events and analyses activity on servers, endpoints, network devices, and other technology systems. The team members, who are supported by a L1-L2 24*7 external SoC, provide a critical layer of internal analysis needed to confirm and seek out any unusual activity that could suggest a security incident.

Under general supervision the job holder performs professional and technical work in the Information Security department in developing, implementing and maintaining information security standards, processes, tools and controls through Head Office.  Assists the team and other personnel to identify and analyse threats and vulnerabilities posing risks to data, applications, systems and other information assets.  Manages the scope, schedule and other resources that may be required to deploy the Information Security programme through the Group.  Travel may be required.  Performs other related work as required.

 

Areas of Knowledge, Qualification and Experience

• At least 8 years of relevant IT and security experience
• 5+ years of direct hands on experience on a SoC/CIRT team
• Experience in managing L1/L2 activities
• Experience in working with SIEM solutions
• University degree with an IT background
• Recognized and active information security qualifications (e.g., CISSP, CISM, EC Council or SANS related certifications)
• Strong team player
• Fluent in English (mandatory)
• Knowledge of current and emerging technologies and tactics used within a SoC/CIRT and how they can be applied to improve efficiency and effectiveness.
• Able to tune correlation rules and outcomes via SIEM and security orchestration, automation, and response platforms.
• Understanding of IPS, firewalls, WAFs, and reputation systems
• Good knowledge of security design
• Good understanding of security design patterns
• Experience with network security and networking technologies and with system, security, and network monitoring tools
• Understanding of Information Security frameworks (e.g., ISO 27001/27002, NIST CSF, CIS TOP 20)
• Understanding of the information security industry and the current threat landscape
• Broad understanding of the information security domains: infrastructure security, access management, physical security, application security, Security Compliance, and IT Change Management
• Ability to organise and prioritise tasks
• Able to conduct the role with minimum supervision
• Strong communication skills capable of dealing with wide range of internal and external stakeholders.

Apply for this position