Associate Director/Lead - Security Operations Center - Consulting Firm (10-15 yrs)
The position is with a consulting firm based in Mumbai. At the Associate Director level, the person would be responsible for leading SoC operations for the firm's clients.
- Monitoring events tagged as false positives to detect wrong conclusions
- Review of low/medium risk cases (Sample) from a QA perspective to detect any potential misclassifications
- Review of sample investigations for scenarios/alerts such as the following (illustrative), to verify the depth of the procedures taken:
- DDOS/DOS attacks
- Remote scans and remote access
- Data leak/data exfiltration
- Privilege escalations
- Anomalous file behaviour
- Review response actions to ensure that they follow the standard playbook
- Contribute to tuning of configurations/use cases on security devices based on false positives/true positives noted during incident reviews
- Organize team refresher training and knowledge upgrade sessions.
- Staffing of SoC projects - identification of resources available from the resource pool
- Oversee activities and work with project team members on a hands on model to ensure quality delivery
- The candidate is also expected to have excellent presentation skills to ensure that report summaries are turned into succinct, theme-based presentations for senior management.
- The candidate may be required to travel for short- to long-term assignments depending on client requirements.
- Must have managed mid-level stakeholders at the client (VP level, CISO, and audit leads)
You are the best fit if you have worked on and have:
a) Strong understanding of SoC Operations
b) Good understanding of SoC architecture
c) Good understanding of the operation of the following platforms:
- SIEM (Qradar/Splunk)
- WAF (e.g. Imperva, Radware)
- Proxy (e.g. forcepoint/Symantec/Zscaler)
- Mail Gateways (e.g. Symantec/Mcafee)
- Anti-Virus (e.g. Symantec/Mcafee)
- EDR platforms
d) Security Operations Experience (SoC lead)
Deep technical knowledge in carrying out security monitoring in the following areas:
- Oversight of the monitoring team and periodic review of console dashboards on the status of alerts and compliance with the triage SLA
- Monitoring events tagged as false positives to detect wrong conclusions
- Review periodic dashboards on incidents and remediation, suggest updates to incident response playbooks, and guide the security device teams toward an enhanced security posture
- SOC Operations management
Design SOC operations processes:
- Client onboarding
- Client data protection
- Maintain ISO 27001 controls
- Design internal incident alert triage framework and methodology
- Design Triage Quality Assurance framework
- Planning: ensure roles and KRAs for each team member are adequately defined
- Overall design of the shift roster
- Carry out roster planning: resource allocation to shifts and emergency leave management for the teams
Monitor day to day shift operations such as:
- Attendance: replacement fill-ins in case of emergency leave
- Track shift handoffs and ensure open alerts are resolved
- Review the triaging efficiency of teams and give QA feedback
- Track SLA compliance and ensure deviations are corrected to the client's satisfaction
- Manage client weekly touch base calls
- Organize team refresher trainings and knowledge upgrade sessions.
- Sales support skills & project management
Project Management :
- Creation of SoC project codes for time charging and expenses
- Staffing of SoC projects - identification of resources available from resource pool
- Manage the project on the ground and deliver the areas of the project allocated
- Tracking time charged on projects
- Oversee activities and work with project team members on a hands-on model to ensure quality delivery
- Be the first point of contact for the client for status update meetings and project escalations
- Build project presentations and audit reports
Team development :
- Build excellent and simplified training materials to train client teams and junior team members
- Conduct knowledge sharing sessions for the teams below them on a monthly basis
Key soft skills and other requirements :
- The candidate is expected to have excellent analytical and report-writing skills to ensure that deliverables for all assignments are well accepted by the clients.
- The candidate is also expected to have excellent presentation skills to ensure that report summaries are turned into succinct, theme-based presentations for senior management.
- The candidate may be required to travel for short- to long-term assignments depending on client requirements.
- Must have been in a client facing role in addition to a technical role.
- Must have managed mid-level stakeholders at the client (VP level, CISO, and audit leads)