Cyber Security Operations Lead

About the Role:

This is a fantastic opportunity for an experienced Cyber Security Operations Lead to join our team. As a key member of our security operations center, you will play a crucial role in leading and managing our team of security analysts, ensuring that we are always one step ahead of potential threats.

Key Responsibilities:

• Cyber Security Event Review & Leadership: You will be responsible for reviewing cyber security events analyzed by Level 2 security analysts and acting as the escalation point for detection, response, and remediation activities.
• Monitoring & Guidance: You will monitor and guide the team in triaging cyber security events, prioritizing them, and recommending/performing appropriate response measures.
• Technical Support: You will provide expert technical support for various IT teams in response and remediation activities for escalated cyber security events/incidents from L2 analysts and stakeholders.
• Incident Follow-up & Closure: You will ensure all cyber security incident tickets are followed up diligently until full closure.
• Analyst Guidance & Mentorship: You will provide clear guidance and mentorship to L1 and L2 analysts in analyzing events and executing response activities.
• Incident Response Expediting: You will intervene and expedite Cyber incident response and remediation-related activities in case of any delays, coordinating effectively with various teams, including L1 and L2 team members.
• Policy & Best Practice Review: You will review and provide valuable suggestions during the preparation of information security policies and best practices for client environments.
• SLA & Communication: You will ensure that all Service Level Agreements (SLAs) and contractual requirements are met in a timely manner, maintaining effective communication with all stakeholders.
• Reporting & Dashboards: You will review Daily, Weekly, and Monthly dashboard reports and share them with relevant stakeholders, providing clear insights into security posture.
• Documentation & Playbooks: You will review all security-related documents, update playbooks, and maintain other standard operational procedures to ensure accuracy and relevance.
• System Documentation Validation: You will validate client systems and IT infrastructure documentation, ensuring all records are current and accurate.
• Knowledge Sharing & Threat Intelligence: You will share knowledge with team members on current security threats, trends in attack patterns, and new security tools.
• Use Case Development & Validation: You will review and create new use cases based on emerging attack trends. Validate these use cases through selective testing and logic examination.
• Threat Detection Rule Development: You will develop and maintain threat detection rules, parsers, and use cases to enhance the SIEM's detection capabilities.
• Security Analytics Understanding: You will possess a strong ability to understand security analytics and data flows across various SaaS applications and cloud computing tools.
• SIEM Solution Deployment: You will be capable of deploying SIEM solutions in customer environments.

Required Skills & Qualifications:

• Core SOC Monitoring experience.
• Proficiency with SOC tools such as FortiSOAR, IBM QRadar, MS Defender, and Cisco Umbrella.
• Strong experience in analyzing malicious traffic and building detections.
• Experience in applications security, network security, and systems security.
• Knowledge of MITRE or similar frameworks and adversary procedures.
• Expertise with SIEM Solutions (Securonix / Splunk / Sumologic / LogRhythm / ArcSight / Qradar).
• Strong communication skills, both written and oral, capable of effectively communicating with internal teams and external stakeholders.
• Experience working on SMB & large enterprise clients.
• Good understanding of ITIL processes, including Change Management, Incident Management, and Problem Management.
• Strong expertise on multiple SIEM tools & other devices found in a SOC environment.
• Good knowledge in firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc.
• Good understanding of raw Log formats of various security devices like Proxy, Firewall, IDS/IPS, DNS.
• Solid foundational understanding of networking concepts (TCP/IP, LAN/WAN, Internet network topologies).
• Knowledge of regex and parser creation.
• Ability to mentor and encourage junior teammates.
• Strong work ethic with good time management skills.
• Coachability and dedication to consistent improvement.

Good to Have:

• Master's degree.
• Relevant certifications like CEH, CISA, CISM.
• Be a key person for developing Thought Leadership within the SOC.