The goals of the team are to ensure that issues adversely affecting the business are quickly diagnosed, workarounds are determined, proper root cause analysis is performed, and actions are taken to ensure that the issue does not reoccur.
The Security Operations Center function is a vital piece of the organization ensuring company information and information systems are protected from unauthorized access/intrusion, use, disclosure, disruption, modification or destruction, by utilizing the various operational security controls, processes and policies in place.
The Security Operations Center (SOC) Team Lead will be responsible for monitoring, reporting on, and managing security controls. He/she will report to the SOC Manager and take responsibility for the day-to-day operations of the team, providing overall guidance and supervision to the SOC analysts. He/she will coordinate triage of security alerts with stakeholders and perform Incident Response if needed. He/she will coach and mentor the SOC analysts in performing routine SOC tasks and be able to lead new SOC initiatives. He/she will be in charge of reviewing reports, performing SOC lead tasks, and managing SOC analyst shifts. The SOC Team Lead is the primary escalation point. He/she will handle the team's operations in the absence of the SOC Manager.
Key Responsibilities:

Leadership and Management:
- Manages team productivity and utilization.
- Supervises Level 1 and Level 2 SOC Analysts on their BAU tasks to ensure seamless 24/7 operations coverage.
- Provides mentorship, guidance, and onboarding training for SOC Analysts.
- Develops and maintains SOC processes, procedures and use cases for the SOC team.
- Facilitates the daily team huddle for handover, operations updates and/or discussion of relevant team issues.

Threat & Incident Management:
- Monitors and analyzes Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), other network security technologies and Security Information and Event Management (SIEM) event logs to identify security attacks and threats for remediation/suppression.
- Assists in developing an optimized SIEM environment through the analysis of alerts and potential threats, and proposes improvements.
- Participates in the information security incident response/management process, which encompasses triage, investigation (including log and malware analysis), response and mitigation.
- Supports the team in ensuring security tools are implemented correctly and that corporate security policies and operational procedures are followed appropriately.

Desired Skills & Experience:
- 5+ years of information security related experience in areas such as security operations, incident analysis, incident handling, vulnerability management or testing, log analysis, and intrusion detection.
- Experience in the SECOPS process as a Senior Security Analyst leading a team.
- In-depth experience with the following technologies: industry-leading SIEM technologies, IDS/IPS, network- and host-based firewalls, data leakage protection (DLP) and anti-virus software.
- Knowledge of computer forensic tools, technologies and methods.
- Advanced knowledge of system security architecture and security solutions.
- Professional experience in a system administration role supporting multiple platforms and applications.
- In-depth hands-on experience with at least two of the following technologies: Unix administration, Windows Server administration, Active Directory, Windows Workstation, router/switch management, firewall management, SAN/NAS, web servers, IAM/AAA, IDS/HDS, system vulnerability scanning tools, application/database vulnerability scanning tools.
- In-depth understanding of possible attack activities such as (but not limited to) network probing/scanning, DDoS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc.
- Familiarity with information security industry standards/best practices and relevant regulations (e.g. PCI DSS, SOX, NIST, ISO, COBIT).
- Scripting experience in Linux or PowerShell preferred.
- Understanding of the AWS environment and the security technologies applied to it.
- Security certifications such as SEC+, CySA+, CEH or other relevant certifications are a plus.
- Excellent leadership and interpersonal skills to foster good relationships within the team and the organization.
- Excellent oral and written communication skills to communicate network security incidents, remediation steps, and/or process improvements within IT, other business teams, and the management team within the organization.
- Passion to learn and contribute to the ongoing development of the team.
- Strong organizational skills to handle diverse workloads, conflicting priorities, and concurrent activities.