SOC Lead, Security Operations

Shift Timings: 1 pm to 10 pm IST

What were looking for

To support our continued success and deliver a Fanatical Experience to our customers, Rackspace Cyber Defence is looking for a Security Lead for security Operations.

This role is particularly well-suited to a self-starting, experienced, and motivated Security Lead, who is commercially aware, service-oriented, and has a proven record of accomplishment in delivering and managing a security operations centre (SOC.)

The Security Lead will be the face of Rackspaces security services and responsible for the leadership and management of a multi-disciplinary security operations center (SOC) that serve Rackspace Cyber Defense customers.

Key Accountabilities

Should have experience of 12 years in SOC and Security Eng.

Managing a team of first responders, as part of a resolver group (or pod), you will ensure the Customers operational and production environment remains secure and any threats are raised and addressed promptly. This can include monitoring at both the network and application level.

Identification of a customers critical assets using technical tools and interviews.

Use of, enhancement of, or implementation of new, relevant technology tooling to ensure a customers configuration and security policies are enforced.

Use of threat intelligence platforms such as OSINT, to understand the latest threats. Researching and analysing the latest threats to better understand an adversarys tactics, techniques, and procedures (TTPs).

Automation of security processes and procedures to enhance and streamline monitoring capabilities.

Ensure any reported vulnerabilities are resolved within agreed SLA timeframes.

In-depth knowledge of each Rackspace customers environment.

Providing relevant reporting and analysis (including breach root cause analysis, if required) to customers, on an agreed frequency.

Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc.

May be required to work flexible working hours.

Critical Incident Handling & Closure and Deep investigation and analysis of critical security incidents.

Post-breach forensic incident analysis reporting and Advanced threat hunting.

Assist with customer onboarding loading of feeds, etc. to Sentinel.

Develop custom dashboards and reporting templates and Develop complex to customer-specific use cases.

Advanced platform administration and Solution recommendations for issues.

Co-ordinate with different teams for issue resolution

Skills & Experience

Experience of managing a team of Security Operations Engineers, or equivalent.

oVulnerability Management: Qualys, Microsoft Defender.

oEndpoint Management: CrowdStrike and Microsoft Defender for Point.

Knowledge of security standards (good practice) such as NIST, ISO27001, CIS, OWASP and Cloud Controls Matrix (CCM) etc.

Experience of security controls, such as network access controls; identity, authentication and access management controls (IAAM); and intrusion detection and prevention controls.

Adept at analysing malware and email headers, and has skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis.

Computer science, engineering or information technology related degree (although not a strict requirement)

Holds one, or more, of the following certificates (or equivalent): - o Certified Information Security Systems Professional (CISSP) o Systems Security Certified Practitioner (SSCP) o Certified Cloud Security Professional (CCSP)

oGIAC Certified Incident Handler (GCIH) o GIAC Security Operations Certified (GSOC)

A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail.

A great analyser, trouble-shooter and problem solver who understands security operations, programming languages and security architecture.

Highly organized and detail oriented. Ability to prioritise, multitask and work under pressure.

An individual who shows a willingness to go above and beyond in delighting the customer.

A good communicator who can explain security concepts to both technical and nontechnical audiences.