Team Lead - Security Operations Center - Bank

Team Lead - Security Operations Center ( Private Sector Bank)

The Security Operations Center Team Lead conducts essential cyber security incident handling activities and this is accomplished by leading security monitoring and incident response activities, including conducting event and incident analysis, and coordinating incident containment and remediation actions. In addition, the SOC Manager is instrumental in cyber threat and vulnerability analysis and response. The jobholder will be responsible for coordinating work across the Security Operations Center to receive alerts and determine

Incident Management and Monitoring :

- Manage Security incidents. Assist in developing concepts for efficient and effective security response activities.

- Be a trusted point of contact and expertise for incidents and manage all the incident response activities including escalation to upper management.

- Provide qualified guidance on SOC alerting conditions and necessary data sources

Vulnerability Management :

- Analyze and interpret results of vulnerability management activities using standard frameworks

- Research and investigate new and emerging vulnerabilities, to include 0 Day events

- Identify and resolve false positive findings in assessment results

- Assess compensating controls and validate their effectiveness

- Partner with stakeholders to streamline, standardize and document vulnerability remediation procedures

- Monitor vulnerability remediation activities

- Integrate information from disparate sources and create tactical intelligence that is relevant to protecting the business.

Threat Management :

- Research and investigate new and emerging cyber threats and vulnerabilities through participation in external security communities.

- Manage the collection, analysis, and dissemination of cyber security threat information, including controlling the quality of intelligence suppliers

- Manage relationships with global stakeholders to identify business needs and design appropriate security controls.

- Analyze and interpret threat information using standard frameworks (Cyber Kill Chain, MITRE ATT&CK framework)

- Generate timely business cyber threat intelligence assessment reports to business owners and management stakeholders

- Generate timely technical cyber threat intelligence assessment reports to IT management and stakeholders

Other Areas of Effort :

1. Quarterly review of Arcsight rules for finetuning - suppression, non triggering, new logic and business changes, changing alerts to reports, etc

2. Preparation / validation of RBI related reports

3. Track and publish KRI and SLA on weekly basis.

4. Review and publsh monthly and quarterly MIS

5. MIS/KRI - includes number of incidents, critical incidents, zero day identification, and threat hunting report.

6. Forecast staff trainings, developing skills

7. Review RCA reports

8. Ensure the team follows Bank's laid down processes