Security Threat Mitigation Specialist

The Security Operations Center Lead is a senior member of the SOC team responsible for overseeing day-to-day operations and ensuring effective detection, response, and mitigation of cyber threats.

This role involves managing security incidents, optimizing Security Information and Event Management (SIEM) systems, and contributing to the strategic direction of the SOC.

Key Responsibilities:

• Operational Oversight
  • Supervise daily SOC operations including monitoring, incident detection, and response activities ensuring 24/7 coverage and timely resolution of security alerts.
• Incident Management
  • Lead the investigation triage and resolution of security incidents coordinating with analysts SIEM engineers and external teams as needed.
• SIEM Optimization
  • Oversee the configuration tuning and maintenance of SIEM platforms to enhance threat detection and reduce false positives.
• Team Leadership
  • Mentor and guide SOC analysts and engineers providing technical direction training and performance feedback to improve team capabilities.
• Threat Intelligence Utilization
  • Integrate and leverage threat intelligence feeds to enhance detection rules correlation logic and incident response strategies.
• Process Improvement
  • Develop refine and implement SOC processes playbooks and standard operating procedures (SOPs) to ensure consistent and efficient operations.
• Reporting and Metrics
  • Generate and review reports on incident trends SIEM performance and SOC metrics presenting findings to the SOC Manager and other stakeholders.
• Collaboration
  • Work closely with other IT and security teams including network operations cloud security and compliance teams to align SOC activities with organizational goals.
• Automation and Scripting
  • Promote and support the use of automation tools and scripts e.g. Python PowerShell to streamline repetitive tasks and improve response times.
• Escalation Point
  • Serve as the primary escalation point for complex incidents providing expertise and decision-making during high-severity events.
• Training and Development
  • Facilitate training sessions and knowledge-sharing initiatives to upskill team members and promote certifications.

• Education: Bachelor's degree in Computer Science Cybersecurity Information Technology or a related field. A Master's degree or relevant certifications are preferred.
• Experience:
• 5-8 years of experience in cybersecurity with at least 2-3 years in a SOC environment and 1-2 years in a leadership or supervisory role.
• Hands-on Experience: With SIEM platforms and incident response processes.
• Desirable Experience: Prior experience in a Security Operations Center or Managed Security Service Provider (MSSP) environment.
• Technical Skills:
• Knowledge of SIEM Architecture: Strong knowledge of SIEM architecture log management and event correlation.
• Network Security Tools: Proficiency in network security tools e.g. firewalls IDS/IPS EDR solutions like CrowdStrike Carbon Black.
• Cloud Security Platforms: Familiarity with cloud security platforms e.g. AWS Azure Google Cloud and their integration with SOC tools.
• Scripting Skills: Scripting skills in Python PowerShell or similar languages for automation and process optimization.
• Enterprise Security Technologies: Understanding of network protocols TCP/IP and enterprise security technologies.
• Leadership Skills: Strong leadership and mentoring skills to guide and motivate SOC team members.
• Analytical and Problem-Solving Abilities: Excellent analytical and problem-solving abilities to address complex security incidents.
• Communication Skills: Effective communication skills for reporting and collaborating with technical and non-technical stakeholders.
• Ability to Perform Under Pressure: Ability to perform under pressure and manage multiple priorities in a fast-paced environment.
• Certifications (Preferred):
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• CompTIA Security+
• GIAC Security Operations Certified (GSOC)],