We are looking for an SOC Manager to join our team located in Kochi, Kerala. The Security Operations Centre (SOC) Manager will plan, direct and control the SOC functions and operations, ensuring the monitoring and analysis of incidents to protect people, technology and process, addressing all security incidents and ensuring timely escalation. The SOC Manager directs the Cyber Intelligence capability to identify potential threats, delivering strategic reports and strategies to minimise the impact of those threats for our customers. The SOC Manager delivers the SOC services to our customers and provides technical advisory for the pre-sales activities of our sales team.
Lead and manage Security Operations and the team of security operations staff; manage, mentor, and develop a global SOC team, while also acting as an escalation resource
Design, build, run, and own automation to detect, contain, and eradicate security threats
Identify and implement processes and tools to improve the automation and efficiency of monitoring, detection, and response to threats and incidents
Primarily responsible for ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
Lead the Cyber Incident Response Team (CIRT), as the Incident Commander, in responding to active and time-sensitive threats, including communications and coordination across different teams
Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools
Ensure adherence to policy, process, and procedure, and drive process improvement to achieve operational objectives
Revise and develop processes to strengthen the current Security Operations Framework; review policies and highlight the challenges in managing SLAs
Own threat management and threat modelling: identify threat vectors and develop use cases for security monitoring
Create reports, dashboards and metrics for SOC operations and present them to senior management
Stay current with evolving global security standards and requirements through ongoing personal and professional development
Conduct periodic customer, vendor and account audits
Support the review of RFPs, RFIs and RFQs, understand the requirements and develop the scope of work
Understand the requirements of the target customers and act as the voice of the customer internally
Prepare effort estimations for involved service lines
8+ years of progressive experience in security and 3+ years directly managing a distributed security operations team
Experience in designing and deploying SOC operations using Azure Sentinel
Advanced certifications showcasing expertise in the security field (CISSP, CISA, CISM, etc.)
Ability to work either independently or collaboratively in a dynamic and fast-paced environment, with minimal direct supervision
Strong analytical and problem-solving skills for investigating security issues.
Ability to build and develop the appropriate team that delivers on key objectives and navigates the security landscape
Ability to build constructive relationships with diverse groups of people, including internal and external stakeholders
Demonstrable documentation and reporting skills.
Experience with Incident Response, analysis of network traffic, log analysis, ability to prioritize and differentiate between potential intrusion attempts and false alarms, managing and tracking investigations to resolution
Familiar with both on-premises and cloud networking concepts.
Prior experience with teams of 10+ FTEs in a 24x7x365 SOC with multiple shifts is strongly preferred
The following skill sets are preferred:
Firewall Administration (Fortinet, Palo Alto, Check Point, WatchGuard, etc.)
Familiar with scripting languages and/or automation tools (Python, PowerShell, Ruby, Ansible, Chef, etc.).
Vulnerability Scanning & Management – Tenable Nessus, Qualys, etc.
Endpoint Protection Deployment, Administration, & Troubleshooting (SentinelOne, CrowdStrike, etc.)
SIEM Experience (IBM QRadar, Splunk, LogRhythm, AT&T USM Anywhere, etc.)