CPX

Security Operations Manager

CPX, Abu Dhabi, United Arab Emirates

Hiring - Manager - SOC Monitoring


We are excited to offer this opportunity exclusively for Emirati nationals as per the Emiratization policy.


Years of Experience

  • Overall 10+ years’ experience working in a large-scale IT environment with a focus on information security.
  • Minimum five years’ experience in information and cyber security.
  • Minimum three years’ experience in information and cyber security incident handling.
  • Minimum three years’ experience managing a SOC team.
  • Minimum three years’ experience with SIEM technologies.



Education – A Bachelor’s Degree in Computer Science or Information Technology (Any area).


Needed Certifications

  • ISC2 Certified Information Systems Security Professional (CISSP) and/or GIAC Certification.


Needed Skills

  • Expert in incident response and recovery handling methodologies.
  • Knowledge of the cyber kill chain and of frameworks such as NIST, ISO, SANS, etc.
  • Knowledge of defense-in-depth techniques and of the different classes of attacks (e.g., passive, active, insider, close-in, distribution).
  • Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], and third generation [nation state sponsored]).
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL and PL/SQL injection, race conditions, covert channels, replay, return-oriented attacks, malicious code).
  • Knowledge of which system files (e.g., log files, registry files, and configuration files) contain relevant information and where to find those system files.
  • Knowledge of hacking methodologies in Windows or Unix/Linux environments.
  • Knowledge of penetration testing principles, tools, and techniques (e.g., Metasploit, NeoSploit).
  • Knowledge of programming language structures and logic.
  • Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies, and of web technologies.
  • Skill in performing damage assessments.
  • Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • Knowledge of malware and malware analysis tools (e.g., OllyDbg, IDA Pro).
  • Skill in analyzing anomalous code as malicious or benign.
  • Knowledge of virtual machine-aware malware, debugger-aware malware, and packing.
  • Skill in interpreting the results of the debugger to ascertain tactics, techniques, and procedures.
  • Knowledge of types and collections of persistent data and of basic concepts and practices of processing digital forensic data.
  • Skill in analyzing memory dumps and other volatile data to extract information and identify obfuscation techniques.
  • Knowledge of forensic processes for seizing and preserving digital evidence (e.g., a chain of custody).
  • Skill in preserving evidence integrity according to standard operating procedures.
  • Knowledge of Cyber Threat Intelligence, Endpoint Protection, Security Orchestration, and Automation technologies.
  • Knowledge of implementing and managing the various processes related to security operations.
  • Knowledge of current and emerging threats/threat vectors.
  • Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
  • Knowledge of new and emerging information technology (IT) and information security technologies.
  • Skill in developing, testing, and implementing network infrastructure contingency and recovery plans.
  • Skill in evaluating the trustworthiness of the supplier and/or product.
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Knowledge of Information security GRC, standards, best practices, and concepts.
  • Knowledge of applicable Information and cybersecurity-related laws and regulations.
  • Knowledge of disaster recovery and continuity of operations plans.
  • Ability to motivate and empower the team.
  • Active involvement in management discussions.
  • Possess strong people and process management skills.
  • Excellent interpersonal, presentation, and facilitation skills.
  • Ability to coordinate efforts in line with the bigger picture to maximize the overall value of SOC delivery.
  • Ability to collaborate and build relationships with internal and external parties to support SOC operations.
  • Self-motivated, curious, and knowledgeable about information security news and current events.
  • Highly result oriented and able to work independently.
  • Ability to build relationships and interact effectively with internal and external parties.
  • Good analytical, technical, written, and verbal communication skills.
  • Ability to multi-task in a fast-paced and demanding work environment.
  • Ability to lead the team with good coordination skills.
  • Comfortable with a high-tech work environment and constantly learning new tools and innovations.
  • Good working knowledge of Office tools.
  • Ability to work effectively and lead a team to accomplish SOC goals and objectives.
  • Must be an articulate and persuasive leader who can communicate security-related concepts to various technical and non-technical staff.


Key Responsibilities

  • Ensure the SOC operations focus on achieving the SOC vision, mission, objectives, and goals.
  • Advise appropriate senior management or the authorizing official of changes affecting the organization's information and cyber security posture.
  • Collect and maintain the data needed for security reporting to management; assist in preparing the annual budget for security operations.
  • Ensure that information and cyber security requirements are integrated into the continuity plans for the relevant system(s) and/or the organization.
  • Facilitate the security operations data required for information security risk assessments during the Security Assessment and Authorization (SA&A) process.
  • Participate in developing or modifying the SOC program, plans, and requirements.
  • Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the organization’s information system(s) security operations.
  • Oversee SOC delivery and resource management.
  • Manage the rotation of resources in the SOC and regularly prepare the shift roster.
  • Responsible for the recovery and forensic investigation of incidents.
  • Ensure the compliance of SOC to the SLA, organization policies, and other regulatory requirements. Identify and report any deviations in the defined SOC process.
  • Design, build, implement, and maintain a knowledge management system that provides the SOC section with adequate information to operate the SOC.
  • Ensure the Incident resolution and false positives knowledge base is updated continuously.
  • Lead the incident response team, and coordinate and drive incident recovery activities with internal and external parties.
  • Ensure the overall quality of the SOC operations.
  • Regularly track the timeline compliance of the SOC activities.
  • Regularly review the processes, procedures, and activities the SOC team follows and propose changes if there is a scope for improvement.
  • Develop and evaluate metrics to measure the performance of the SOC team.
  • Provide suggestions to add/remove event sources under monitoring scope.
  • Coordinate with CPX internal teams in performing incident drills.
  • Submit the incident drill summary report to management and propose changes to the process if necessary.
  • Oversee incident response planning and handling, as well as the investigation of security breaches, and provide prevention and recovery progress to management.
  • Periodically measure the performance of the SOC and report the results to management.
  • Evaluate new technologies and tactical processes that help to optimize or improve SOC operations.
  • Mentor the SOC section on the latest security trends, threat detection, and analysis techniques, etc., via internal training, external training, classroom training, and team meetings.
  • Ensure all the SOC reports, documents, and records are prepared daily as required.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Computer and Network Security
