
SOC Analyst Lead
Roles and Responsibilities:
Formulate and define the strategic direction for Managed Detection & Response as a managed service.
Grow the pipeline for the solution by working closely with internal and external channels.
Identify and create pull-through opportunities for other managed services and consulting services.
Keep abreast of industry, technology and business trends.
Perform investigation and orchestration for complex/high severity security alerts, threats or incidents.
Provide the people, process and technology background to ensure timely detection, identification and alerting of possible attacks/intrusions, anomalous activity, intrusion attempts/compromises, malicious behavior, insider risk and misuse, and to distinguish these incidents from benign activity.
Isolate, triage and eradicate malicious behavior.
Serve as the lead point of contact facilitating incident response orchestration with client.
Lead research, analysis and correlation efforts across a variety of all-source data sets, log collectors and threat feeds to inform and guide the strategic direction of the offering.
Monitor the competitive landscape in pricing, capabilities and offerings, and analyze and report on security posture trends.
Direct technical product managers in developing new or modified solutions for Managed Detection and Response.
As a leader of a team, ensure that the right things are being worked on at the right time, and ensure quality throughout.
Work with the value architect to create pricing for opportunities.
Provide ongoing strategic context for your team and clients, educating, sharing and capturing qualitative and quantitative metrics that corroborate decision making.
Develop and maintain materials that communicate the offering and its value proposition, and tailor them to individual opportunities.
Analyze alerts from Security Information and Event Management (SIEM) tools, ideally Azure Sentinel (not required).
Create and develop SOC processes and procedures; lead the strategy, methodology and execution of the Use Case Catalog, working with Level 1, Level 2 and Level 3 Analysts.
Required Technical skills and Qualifications:
At least 10 years of experience leading enterprise Security Operations Centers, Managed Detection and Response analyst teams or incident response teams, covering any of the following: lead security operations center analyst (L3), threat hunting, penetration testing, digital forensics, incident response, recognizing and categorizing organizational vulnerabilities and attacks, on-prem, hybrid and cloud security concepts and protocols, customer technical readiness, delivery support services, on-premise and remote technical support, solution development, technical requirements gathering, thought leadership, and broad evangelism through events (presentation skills) or related work.
Certifications: CEH, GIAC, OSCP, CREST, GCIH, CCIA, GPEN, platform certifications (Microsoft, Splunk, Sentinel, etc.).
Experience with one or more of the following: cyber-security solutions, Security Operations Center, threat intelligence management, vulnerability research, digital forensics, incident response, endpoint management, network security.
Product Management experience with Software as a Service (SaaS) or Infrastructure as a Service (IaaS) offerings for enterprises.
Experience in the enterprise software market and with services / product companies.
Demonstrated understanding of the techniques and methods of modern product discovery and product delivery.
Knowledge of the operational aspects of a global, 24/7, high-availability and high-trust managed service.
Familiarity with the engineering work of a security operations center.
3+ years Level 3 SOC Analyst experience.
Desired Background and Experience:
Master's or Bachelor's degree; or an equivalent experience in lieu of degree.
Microsoft Security Suite.
Microsoft Azure.
Experience developing and analyzing reports generated by SIEM tools.
Advanced understanding of operating systems, applications, networks and exploitation techniques.
Malware reverse engineering and analysis.
Incident response and handling methodologies, procedures and execution.
Background performing packet-level analysis.
Experience with tools such as Nslookup, CrowdStrike, Kali Linux, Traceroute, Nmap, Nikto, NetStumbler, Metasploit, Wireshark, Aircrack-ng, Intruder, etc.
Experience with network-based User and Entity Behavior Analytics.
Job ID: 145723101