SOC Manager

• At least 10 years of experience in Information Security operations & management with hand on experience in large security operations center using IBM QRadar/Splunk/ArcSight or similar SIEM tool.
• Manage network, endpoints and forensics initiatives, malware triage and cyber security incident response
• Managing Cyber Security Services engagements and engagement teams
• Recognizing common attacker tools, tactics, and procedures
• Providing oversight for on-site examinations and collections and technology advisory services to enhance forensic client engagements
• Researching and developing new digital forensics scripts, tools, and methodologies
• Assessing and troubleshooting a variety of technical issues and support a cyber response lab on our clients SIEM tool and UEBA platform
• Assist in conducting peer reviews and providing quality assurance reviews for junior personnel and will support the mentoring of junior incident

managers and provide guidance to others on incident management prioritization, triage and report writing in support of onsite engagements.

• Guiding the team to Monitor, identify and investigate the security alerts and perform incident response activities related to cybersecurity incidents
• Creates new trouble tickets for alerts that signal an incident and require Tier 2 / Incident Response review
• Respond to cybersecurity incidents, conduct threat analysis as directed and address detected incidents for resolution
• Should be able do multitasking to coordinate incident with Sr analyst and escalation manager
• Recommend enhancements to SOC security process, Operations efficiencies.
• Create Incident response (IR) plan, IR play books, manage all incidents and crisis situations.
• Log Analysis, handle, resolve security incidents.
• Collaborate with respective tracks/technical team for remediation of the incident.
• Periodical review of incident response plan and procedures.
• Recommend and document specific counter-measures and mitigating controls
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences

Preferred Skills:

• Strong knowledge of cyber-attacks and techniques, Cyber Kill chain, incident management best practices.
• A high-level understanding of multi-tiered applications and various network and security devices/protocols
• Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix
• Proficient in preparation of reports and documentation.
• Knowledge of Cyber-criminal techniques, Compliance, and regulatory standards.
• Excellent verbal and written communication skills.

Qualification:

• Any Degree