Role: SOC Manager
Location: Gaydon, UK
Duration: Contract
Job Description:
Your responsibilities:
* Manage service and process improvements of SOC, auditing SOC incidents, identifying new use cases and automations
* POC for SOC engineering team, threat intelligence analyst and Threat exposure management
* Act as a point of escalation for Level-2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques
* Act as the lead coordinator to individual information security incidents
* Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Centre.
* Document incidents from initial detection through final resolution
* Ensure threat management, threat modelling, identify threat vectors and develop use cases for security monitoring
* Create reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
* Act as focal point for any investigations involving security; to prepare reports and note follow up action
* Participate in the role of Incident Manager during any incidents and emergencies
* Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date
* Coordinate with IT teams on escalations, tracking, performance issues, and outages.
Your Profile
Essential skills/knowledge/experience:
* Strong knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) and SOC advancements such as EDR and SOAR
* Good knowledge of SIEM technologies, like Google Chronicle, Splunk ES or QRadar
* In-depth familiarity with security policies based on industry standards and best practices
* Experienced within the information security field, with emphasis on security operations, incident management, intrusion analysis, security device installations, configuration, and troubleshooting (e. g., firewall, IDS, etc.)
* Experience in Log source integration and in Developing new correlation rules & Parser writing
* Experienced in SOC automation development, cloud operations (e. g. AWS), Designing, building security operations centers and Regulatory Compliance
* Ability to lead and communicate efficiently within a team environment along with Incident management process development and/or incident management experience
* Solid understanding of information technology and information security required
* Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences (including executives)
* Ability to work well under pressure with differing levels of Management.
Desirable skills/knowledge/experience:
* Experience of Agile ways of working.