Security Operations Centre

Align with the SOC maturity roadmap and assign priorities for implementation. Driving creating use cases for new scenarios and/or fine tuning the existing scenarios. Help create play books in SOAR for various use cases that Tier 1/Tier 2 teams. Provide overall direction for the SOC function and input to the overall cyber defense strategy. Collaborate and create synergies within the cyber team and wider IT function. Ensure SOC function is delivering the core monitoring, threat detection and response activities adhering to the defined SLAs and SOPs. Help drive upskilling of existing SOC team members in new cybersecurity technologies. Continuously monitor the effectiveness of incident detection and response solution and provide improvement inputs to SOC Architecture and Engineering teams. Measure and mature the SOC service SLAs/KPIs from time to time. Continuously work with technology teams to integrate new feeds into SIEM. Broad knowledge of cybersecurity functions beyond traditional SOC operations (e.g. vulnerability management, application security, penetration testing, data protection, identity and privileged access). Working knowledge of incident ticketing platforms Should possess hands on experience of security Information Event Monitoring (SIEM) platforms, Endpoint Detection and Response (EDR) platforms, Network Security Monitoring (NSM)/Network Detection and Response (NDR) platforms and other leading tools and technologies of Cyber Defence domain. Working knowledge of security alert triage and analysis methods (e.g., use of correlations, behaviors, and patterns, pivoting, enriching alert data and providing remediation recommendations) Experience with threat hunting and threat hunting methodologies Experience with cybersecurity incident response coordination and methods Experience integrating cyber threat intelligence with security monitoring processes and threat hunting Knowledge of detection rule logic management (e.g., creation, tuning and management methods) Knowledge of cybersecurity frameworks (e.g., Mitre ATT&CK, VERIS, Cyber Kill Chain, Diamond Model, and other frameworks) Knowledge of cloud infrastructures and cloud security monitoring (Azure, AWS, and GCP) Knowledge of network communication concepts including ports, protocols, and encryption Plan, direct and control the SOC functions and operation Ensure the monitoring and analysis of incidents to protect People, Technology and Process addressing all security incidents and ensuring timely escalation. Direct the Cyber Intelligence capability to identify potential threats delivering strategic reports and strategies to minimise the impact of the threat. Ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring Ensuring compliance to policy, process, and procedure adherence and process improvisation to achieve operational objectives Revising and develop processes to strengthen the current Security Operations Framework, Review policies and highlight the challenges in managing SLAs Responsible for overall use of resources and initiation of corrective action where required for Security Operations Center Ensuring threat management, threat modeling, identify threat vectors and develop use cases for security monitoring Creation of reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt. Co-ordination with stakeholders, build and maintain positive working relationships with them Be a thought leader in security engineering and operations delivery - driving automation, analytics, and advanced threat analysis. Oversee technical delivery, assessing and continually improving output and ensuring processes are developed and adhered to drive operational excellence. Benchmark, analyze, report on, and make recommendations for the improvement and growth of the Next Generation infrastructure and systems. Participate in quarterly business reviews with vendors and customers. Manage the deployment, monitoring, maintenance, development, upgrade, and support of all Client managed systems, operating systems, hardware, and software. Keep current with the latest vendor updates, expansion opportunities, and technology directions, utilized in the Clients environment. Collaborate and consult with other Group Managers on the overall advancement of the Emerging Services organization and Optiv in general. Establish operational foundations, defining metrics and KPIs to drive governance, quality, and efficiency. Influence and improve existing processes through innovation and operational change. Manage staffing, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions. Develop and maintain an educational environment where the knowledge and performance of the group is constantly advancing. Perform annual staff appraisals. Develop and mentor staff through open communication, training and development opportunities, and performance management processes; build and maintain employee morale and motivation. Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring. Drive the implementation of emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Implement standards and procedures to ensure alerts are addressed with relevancy, accuracy and in a timely manner Operate autonomously to further investigate and escalate in accordance with policies, procedures and defined processes Educational Qualification Engineering graduate from Computer Science, IT, Telecommunication or a similar discipline Post-Graduation: PGDIT, MCA, MBA Key Skills Certification like CISSP, CISA or CISM Ability to handle senior management escalation. Vendor management Skills Effective communication Proficient team leader Strategic skills Decision making and communication. Risk management skills Knowledge of latest cyber security trends & global industry best practices pertaining to financial Industry Technical working knowledge, understanding of SIEM technology, various other security technology (EDR, NDR, HIPS, WAF, IDS, IPS, Firewall, Networking) etc. Experience Overall 12 - 15 year on experience in Information/Cyber Security experience working in a SIEM tool (Next-Gen SIEM, UEBA, etc.) with strong background in security incident monitoring, response, and operations. Experience in managing 24x7 Cyber Security Operations Center (CSOC) for 5+ years managing teams from Leadership level primarily involved in Cyber Defense Experience in managing 20+ members team which may include vendor teams. Certification like SANS, OSCP/OSCE and CREST will be added advantage (CEH, Security+, OSCP, CISSP or other industry-relevant cyber-security certifications and ITIL V3.0, GIAC (e.g. GCIA, GCFE, GCIH), ISC2 (e.g. CCSP), or EC-COUNCIL (e.g. CEH) preferred. Etc.)