Overview
SOC Manager
Whitehall Resources are looking for a SOC Manager. This role is hybrid working with 2-3 days per week onsite in Warwickshire, and the remainder remote working, for an initial 6-month contract. Inside IR35.
Responsibilities
* Establish goals and priorities by working closely with your team to identify the most critical focus areas, including:
o Improving incident response times
o Reducing false positives and other extraneous alerts
o Enhancing threat detection capabilities
* Oversee your staff's activities and ensure they focus on the right priorities
* Oversee SOC activities by reviewing your team's performance metrics, incident reports and other key indicators
* Lead incident response efforts when a security incident occurs, ensuring the SOC team responds as quickly as possible
* Establish clear incident response procedures and protocols and convey them to the team
* Analyse incident reports to understand your organization's security posture by identifying patterns and trends that may indicate weaknesses or vulnerabilities in security defences
* Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients or regulatory bodies
* Be responsible for conducting information security investigations as a result of security incidents identified by Level 2 security analysts monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone). Manage end-to-end security incident handling with a high level of technical expertise
* Report to the Customer about security operations. Keep the CISO and Head of Security Operations informed by preparing clear and concise reports that highlight key findings and recommendations about operations to align with the company's goals
Your responsibilities
* Manage service and process improvements of SOC, audit SOC incidents, identify new use cases and automations
* POC for SOC engineering team, threat intelligence analyst and Threat exposure management
* Act as a point of escalation for Level-2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques
* Act as the lead coordinator to individual information security incidents
* Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Security Operations Centre
* Document incidents from initial detection through final resolution
* Ensure threat management, threat modelling, identify threat vectors and develop use cases for security monitoring
* Create reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt
* Act as focal point for any investigations involving security; to prepare reports and note follow up action
* Participate in the role of Incident Manager during any incidents and emergencies
* Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date
* Coordinate with IT teams on escalations, tracking, performance issues, and outages
Essential skills and experience
* Strong knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) and SOC advancements such as EDR and SOAR
* Good knowledge of SIEM technologies, like Google Chronicle, Splunk ES or QRadar
* In-depth familiarity with security policies based on industry standards and best practices
* Experienced within the information security field, with emphasis on security operations, incident management, intrusion analysis, security device installations, configuration, and troubleshooting (e.g., Firewall, IDS, etc.)
* Experience in Log source integration and in developing new correlation rules & Parser writing
* Experienced in SOC automation development, cloud operations (e.g., AWS), Designing, building security operations centers and Regulatory Compliance
* Ability to lead and communicate efficiently within a team environment along with Incident management process development and/or incident management experience
* Solid understanding of information technology and information security required
* Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences (including executives)
* Ability to work well under pressure with differing levels of Management
Desirable skills and experience
* Experience of Agile ways of working.
All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.
Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
#J-18808-Ljbffr