Job Description: SOC Manager
ESSENTIAL RESPONSIBILITIES
• Leadership & Team Management: Leads the SOC team, providing clear direction and fostering teamwork and collaboration. Regularly assesses the strengths and weaknesses of team members, providing mentoring, coaching, and opportunities for growth. Takes a hands-on role in operational challenges, making decisive judgments while maintaining high morale and cohesion.
• Incident Management: Ensures that all security events and incidents are identified, categorized, and responded to promptly and thoroughly. This includes setting up appropriate escalation processes, coordinating between various teams for cross-functional incidents, and ensuring that incidents are closed with comprehensive documentation and lessons learned.
• Continuous Improvement: Regularly reviews and analyzes the efficiency of existing operational processes, tools, and protocols. Implements changes based on findings, feedback from the team, and the changing threat landscape. This also involves staying current with advances in SOC technologies and methodologies.
• Technology Management: Oversees the implementation, configuration, and continuous tuning of various security tools, including the client’s Security Platform.
• Training and Development: Designs and implements a continuous training plan for the existing and new SOC team members, ensuring they have the latest skills and knowledge and are onboarded and productive as quickly as possible. This also involves organizing periodic simulation exercises (like red teaming) to test and improve incident response capabilities.
• Reporting: Establishes a comprehensive reporting framework that offers insight into the SOC's performance, including metrics on incident volumes, response times, and resolution success rates. Reports should be presented to stakeholders clearly and in actionable form, highlighting successes and areas for improvement.
REQUIRED EXPERIENCE
• Minimum of 6 years in cybersecurity roles, with at least 3 years in a SOC leadership position. Experience in an MSSP or a large-scale global SOC is highly preferred.
• Experience in actively managing the lifecycle of security incidents.
• Strong knowledge of and familiarity with major cloud provider technologies (AWS, Azure, etc.).
• Solid understanding of networking protocols and infrastructure design, including cloud infrastructure, routing, firewall functionality, host- and network-based intrusion detection systems, encryption, and load balancing.
• Experience with virtualization technologies (VMware, Microsoft Hyper-V).
• Experience with the following tools and technologies:
– Security Information and Event Management (SIEM)
– Intrusion Detection & Prevention (IDS/IPS)
– Endpoint Detection & Response (EDR)
– Network Detection & Response (NDR)
– Network analysis tools (Wireshark, tcpdump, etc.)
– Scripting in Python, Bash, PowerShell
• Experience in regulated environments (e.g., HIPAA, PCI DSS) preferred.
• Strong governance skills in time management, project management, and stakeholder management.
• Excellent communication skills, with the ability to lead security reviews with clients and keep stakeholders apprised of key issues, risks, and incidents.
PREFERRED CERTIFICATIONS
• CISSP – Certified Information Systems Security Professional
• CISM – Certified Information Security Manager
• OSCP – Offensive Security Certified Professional
• CEH – Certified Ethical Hacker
• GSEC – SANS GIAC Security Essentials
• CompTIA Security+
OTHER REQUIREMENTS
• Flexibility of schedule is required to meet the demands of the position.
• This role requires working in shifts (including night shifts) to support clients in North America.