Hiring Manager - SOC Monitoring
Years of Experience
- Overall 10+ years’ experience working in a large-scale IT environment focusing on Information Security.
- Minimum five years' experience in Information and Cyber Security.
- Minimum three years' experience in Information and Cyber Security Incident handling.
- Minimum three years' experience in managing a SOC team.
- Minimum three years' experience with SIEM technologies.
Education – A Bachelor’s Degree in Computer Science or Information Technology (Any area).
Needed Certifications
- ISC2 Certified Information Systems Security Professional (CISSP) and/or GIAC Certification.
Needed Skills
- Expert in incident response and recovery handling methodologies.
- Knowledge of the Cyber Kill Chain and other frameworks such as NIST, ISO, SANS, etc.
- Knowledge of defense-in-depth techniques and of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], and third generation [nation state sponsored]).
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of which system files (e.g., log files, registry files, and configuration files) contain relevant information and where to find those system files.
- Knowledge of hacking methodologies in Windows or Unix/Linux environments.
- Knowledge of surveillance and penetration testing principles, tools, and techniques (e.g., Metasploit, NeoSploit).
- Knowledge of programming language structures and logic.
- Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies.
- Knowledge of web technologies.
- Skill in performing damage assessments.
- Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Knowledge of malware and malware analysis tools (e.g., OllyDbg, IDA Pro).
- Skill in analyzing anomalous code as malicious or benign.
- Knowledge of virtual machine-aware malware, debugger-aware malware, and packing.
- Skill in interpreting the results of the debugger to ascertain tactics, techniques, and procedures.
- Knowledge of types and collections of persistent data and of basic concepts and practices of processing digital forensic data.
- Skill in analyzing memory dumps to extract information, analyzing volatile data, and identifying obfuscation techniques.
- Knowledge of forensic processes for seizing and preserving digital evidence (e.g., a chain of custody).
- Skill in preserving evidence integrity according to standard operating procedures or national standards.
- Knowledge of Cyber Threat Intelligence, Endpoint Protection, Security Orchestration, and Automation technologies.
- Knowledge in implementing and managing various processes related to security operations.
- Knowledge of current and emerging threats/threat vectors.
- Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
- Knowledge of new and emerging information technology (IT) and information security technologies.
- Skill in developing, testing, and implementing network infrastructure contingency and recovery plans.
- Skill in evaluating the trustworthiness of the supplier and/or product.
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- Knowledge of Information security GRC, standards, best practices, and concepts.
- Knowledge of applicable Information and cybersecurity-related laws and regulations.
- Knowledge of disaster recovery and continuity of operations plans.
- Motivating and empowering the team.
- Active involvement in management discussions.
- Possess strong people and process management skills.
- Excellent interpersonal, presentation, and facilitation skills.
- Coordinated efforts aligned with the bigger picture to maximize the overall value of SOC delivery.
- Collaborate and build relationships with internal and external parties to support SOC operations.
- Self-motivated, curious, and knowledgeable about information security news and current events.
- Highly result-oriented and able to work independently.
- Ability to build relationships and interact effectively with internal and external parties.
- Good analytical, technical, written, and verbal communication skills.
- Ability to multi-task in a fast-paced and demanding work environment.
- Ability to lead the team with good coordination skills.
- Comfortable with a high-tech work environment and constantly learning new tools and innovations.
- Good working knowledge of Office tools.
- Ability to work effectively and lead a team to accomplish SOC goals and objectives.
- Must be an articulate and persuasive leader who can communicate security-related concepts to various technical and non-technical staff.
Key Responsibilities
- Ensure the SOC operations focus on achieving the SOC vision, mission, objectives, and goals.
- Advise appropriate senior management or the authorizing official of changes affecting the organization's information and cyber security posture.
- Collect and maintain the data needed to meet security reporting requirements to management. Assist in preparing the annual budget for security operations.
- Ensure that information and cyber security requirements are integrated into the continuity plans of the relevant system(s) and/or organization.
- Facilitate the security operations data required for information security risk assessments during the Security Assessment and Authorization (SA&A) process.
- Participate in developing or modifying the SOC program, plans, and requirements.
- Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the organization’s information system(s) security operations.
- Oversee SOC delivery and resource management.
- Manage the rotation of resources in the SOC and regularly prepare the shift roster.
- Responsible for the recovery and forensic investigation of incidents.
- Ensure the compliance of SOC to the SLA, organization policies, and other regulatory requirements. Identify and report any deviations in the defined SOC process.
- Design, build, implement, and maintain a knowledge management system that provides the SOC section with adequate information to operate the SOC.
- Ensure the Incident resolution and false positives knowledge base is updated continuously.
- Lead the incident response team, and coordinate and drive incident recovery activities with internal and external parties.
- Ensure the overall quality of the SOC operations.
- Regularly track the timeline compliance of the SOC activities.
- Regularly review the processes, procedures, and activities the SOC team follows and propose changes if there is a scope for improvement.
- Develop and evaluate metrics to measure the performance of the SOC team.
- Provide suggestions to add/remove event sources under monitoring scope.
- Coordinate with CPX internal teams in performing the incident drill.
- Submit incident drill summary report to management and propose changes in the process if necessary.
- Oversee incident response planning and handling, as well as the investigation of security breaches, and provide prevention and recovery progress to management.
- Periodically measure the performance of the SOC and report the results to management.
- Evaluate new technologies and tactical processes that help optimize or improve SOC operations.
- Mentor the SOC section with the latest security trends, threat detection, and analysis techniques, etc., via internal training, external training, classroom training, and team meetings.
- Ensure all the SOC reports, documents, and records are prepared daily as required.