Security Operations Center (SOC) Manager

Security Operations Center (SOC) Manager

The Security Operations Center (SOC) Manager is responsible for all internal security operations tasks and management of Security Operations Center. Provides leadership and tactical direction for Security Operations Center (SOC) functions. The SOC Manager will be expected to work alongside the team to detect and respond to information security incidents, develop, maintain, and follow procedures for security event alerting, and participate in security investigations. The SOC Manager should have familiarity with the principles of network and endpoint security, current threat and attack trends, a basic understanding of the OSI model, and have a working knowledge of defense in depth strategies.

Essential Functions:

• Serves as technical expert on SOC matters including items related to monitoring and response of partner and client operations and provides input to Executive Management on the overall strategic direction.
• Ensures staff compliance with all applicable laws, regulations, industry standards, corporate policies, guidelines and procedures, including but not limited to, NIST, ISO, PCI, HIPAA and SOC 2 requirements.
• Promotes an environment of compliance and continuous improvement to meet the Corporation's goals and objectives.
• Develops and maintains a highly qualified and motivated workforce that supports the corporate mission, goals, and objectives.
• Additional responsibilities include creating processes, assessing incident reports, and developing and implementing crisis communication plans.
• To create compliance reports, support the audit process, measure SOC performance metrics, and report on security operations to business leader's quarterly business reviews and on demand for clients as required.

Job Duties:

• Supervise and monitor the quality of services provided
• Recruit, select, train, assign, schedule, coach, counsel staff
• Provide exceptional tier 1-3 operational management, analysis, and investigation of security incidents
• Communicate job expectations; planning, monitoring, appraising, and reviewing job contributions
• Contribute security information and recommendations to strategic plans and reviews
• Prepare and complete security action plans; implement production, productivity, quality, and customer-service standards; resolve problems; complete audits; identify trends
• Act as liaison between the Security Operations team and the customer's technical management staff
• Work independently and/or collaboratively with management team to set and/or implement policies, procedures and systems and to follow through with implementation • Communicate all operating policies and/or issues at department meetings
• Plans, schedules, and reviews workload and Client to make sure metrics are being met most efficiently
• Inform senior management about performance and issues, including escalations
• Monitor and manage customer SLA compliance for SOC
• Extensive experience working with SIEM, Log Aggregators, Incident Response Management solutions
• Strong technical knowledge of Networking, Operating Systems and enterprise integrations • Experience managing standards, developing Security Operations Process
• Proven experience with multiple security event detection platforms
• Thorough understanding of TCP/IP
• Understand IDS / IPS rules to identify and/or prevent malicious activity
• Thorough understanding of application protocols
• Provide exceptional tier 1-3 operational management, analysis, and investigation of security incidents Incident Response
• Respond to network-based attacks
• Network infrastructure attacks
• Perform incident detection
• Network incidents
• Member of a CSIRT (Computer Security Incident Response Team)
• Monitor and analyze resources such as Stellar Starlight, QRadar, Alien Vault and others; data feeds of alerts and logs from firewalls, routers, and other network devices or hosts; and data feeds and/or alerts from network-based IDS/IPS to watch for security violations and determine vulnerabilities.
• Conducts initial triage of security events and incidents. Facilitates communication within the SOC and documents progress throughout the Incident Response Lifecycle.
• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
• Performs Computer Security Incident Response activities for end client's Cloud, coordinates with other SOC and tenant's POC to record and report incidents.
• Communicates alerts to Tenant POC regarding intrusions and compromises to their systems, applications, and operating systems.

Non-Essential Functions or Skills:

• Support the SOC as needed.
• Flexibility – Adapt to changing environments or alternative methods
• Emotional Intelligence – Understand and react to others' emotions for high quality team output
• Customer Service – Able to meet customer expectations within project scope
• Additional duties as needed

Work Environment Expectations:

• The SOC Manager work environment will vary and is dependent upon the specifications and phase of each project or assignment. Work location may be at headquarters, or may work from home.
• Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Hours of Work – The hours of work will vary depending upon the demands of the customer, project, or assignment.

Physical Demands: The physical demands of the position described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit, type, look at a computer for 2-3 hours at a time, stand, drive, reach, bend, lift objects up to 20lbs. on occasion.

Skills and Competencies:

• Managing Priorities - ability to multi-task, making progress on multiple goals and/or assignments.
• Sense of Urgency – reacts quickly to resolve situations that may be detrimental to assignments/projects.
• Nimble - Ability to adapt quickly to an ever changing, dynamic IT industry.
• Problem-solving – able to review circumstances and participate in problem solving.
• Time Management skills – able to meet deadlines and set a fair pace for work.
• Independent – Can work with minimal direction, meeting the goals.
• Analytical – Able to assess circumstances and determine a course of action.
• Professional verbal and written communication skills - capable of contributing to Knowledge Management
• Strong organizational / business acumen – understands business structure and business strategies as they apply to project goals and outcomes.
• Tactical - Pays attention to the details and applies the strategy.
• Strong remote-collaboration and communication skills.
• Polite, respectful to others, professional.

Required Experience and Qualifications:

• 2 or more years of SOC management work experience
• 3 or more years inside of a Security Operations environment
• Experience in management, IT Security, operations, ITIL framework, agile project management, and leadership.
• Ability to build consensus and relationships among managers, partners, and employees
• Experience with managing a diverse group of technological oriented members
• Must possess leadership, communication, conflict management, people management, reporting, critical thinking, and problem solving, and planning and organization skills

Education:

• Bachelor's degree in Cybersecurity, Computer Engineering, Information Technology, or related field
• Proven ability to manage all operations, maintenance, and functions of the Security Policy, within the environment
• Broad understanding of Cyber Security and Network is a must
• Candidate will possess ability to be a successful self-starter
• Possess excellent communication, negotiation, and managerial skills
• Experience with managing diverse groups of technologically oriented people
• Strategic thinking; focused on providing business value to end-users
• CompTIA Security + Certification
• CISSP (Certified Information Systems Security Professional)
• CCNA Security (Certified Cisco Network Administrator – Security)