Threat Detection

7 days ago


Bengaluru, India Talent500 Full time

About the Role


Position Title: Threat Detection & Response, SOC Manager


Corporate Title: Vice President


Reporting to: Director


Location: Bengaluru


Job Profile:

Position details:

In this role you will focus on researching threats posed by cyber criminals to various systems, technologies, operations, and programs, and analyzing research to determine a cyber criminal's capabilities, intentions, and attack approaches, including those with multiple phases. Responsibilities include rapidly responding to incidents to minimize risk exposure and ensure system availability; proactively monitoring internal and external-facing environments; seeking opportunities to automate detection and remediation and reduce response times for incidents; and producing reports and briefings that include perspectives on the behavior of adversaries.


Roles and Responsibilities

  • Manage SOC 24x7 operations including technology and people management.
  • Perform cybersecurity threat detection, assessment, and mitigation efforts.
  • Support inquiries from compliance teams such as IT risk management and internal and external audit, to ensure documentation is complete and in compliance with information security policies.
  • Identify, evaluate, and continually monitor threats that could affect operational and business activities.
  • Manage development of security operations playbooks to ensure threat detection, monitoring, response, and forensics activities align with best practices, minimize gaps in detection and response, and provide comprehensive mitigation of threats.
  • Create, enhance, and manage security use cases, dashboards, and alerts using Splunk.
  • Research and look for opportunities to adopt the best practices and industry standards to enhance the SIEM and SOAR platforms.


Job Requirements:

  • Bachelor's Degree in Business, Management, Computer Sciences, or equivalent prior work experience in a related field
  • Minimum of 10 years overall experience working in global, complex, matrix-managed organization
  • Minimum of 5 years of people management experience is preferred.
  • Minimum of 8 years' experience in either:
      • Threat detection & response and/or vulnerability management
      • Incident Response and Forensic Investigations work
      • Cybersecurity Operations or Information Security
  • Minimum of 3 years working directly in Cybersecurity Operations or Threat and Vulnerability management.
  • Experience across the following technical concentrations:
      • Network-Based Security Controls (Firewall, IPS, WAF, MDS, Proxy, VPN)
      • Anomaly Detection and Investigation
      • Host and Network Forensics
      • Operating Systems
      • Web Applications and Traffic
  • Experienced with EnCase, FTK, SIFT, Splunk, Redline, Volatility, Wireshark, TCPDump, and open-source forensic tools.
  • Experience responding to cyber events in public cloud environments such as AWS, Azure, Google Cloud, etc.
  • Experience creating trending, metrics, and management reports.
  • Security experience in all phases of product and service development lifecycle including architecture, design, development, testing, release, and operational maintenance.
  • Experience with cloud computing security, network, operating system, database, application, and mobile device security.
  • Extensive knowledge of vulnerability management and remediation.
  • Experience with information security risk management, including conducting information security audits, reviews, and risk assessments.
  • Experience in two or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics.
  • Knowledge of models/frameworks such as Kill Chain and MITRE ATT&CK
  • Strong time management skills to balance multiple activities and lead junior analysts as needed
  • Well-developed analytic, qualitative, and quantitative reasoning skills
  • Understanding of offensive security to include common attack methods.
  • Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event.
  • A diverse skill base in both product security and information security including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures.
  • Detailed knowledge and experience in security and regulatory frameworks (ISO 27001, NIST 800 series, FFIEC, SOC2, FedRAMP, STAR, etc.)
  • In-depth knowledge in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics.
  • Knowledge of Splunk, Phantom, Python, CrowdStrike, Tanium, Defender, Azure, AWS and forensic security tools is preferred.
  • Experience working within the Financial Services Industry preferred.
  • One to three years of experience in Splunk, Splunk Enterprise Security or Splunk Phantom is preferred
  • Strong analytical skills (i.e., technical and non-technical problem-solving skills).
  • Maintain certifications in an information security related field. The following are recommended:
      • CySA+, CISSP, ISSMP, SANS, GCIA, CISM, EnCE, CEH, GCFA, GCFE, GCIH, or GSEC, and/or
      • Splunk certifications.

