Security Cyber Operations Center Director

Job Title: Cybersecurity Operations Center Lead

Job Overview:

The Cybersecurity Operations Center (SOC) is a critical component of an organization's defense against cyber threats. As a senior member of the SOC team, the SOC Lead plays a key role in overseeing day-to-day operations, guiding SOC analysts, and ensuring effective detection, response, and mitigation of cyber threats.

This position involves managing security incidents, optimizing Security Information and Event Management (SIEM) systems, and contributing to the strategic direction of the SOC. The SOC Lead will act as a technical and operational leader, ensuring seamless coordination within the team and alignment with organizational security objectives.

Key Responsibilities:

• Operational Oversight: Supervise daily SOC operations, including monitoring, incident detection, and response activities, ensuring 24/7 coverage and timely resolution of security alerts.
• Incident Management: Lead the investigation, triage, and resolution of security incidents, coordinating with analysts, SIEM engineers, and external teams as needed.
• SIEM Optimization: Oversee the configuration, tuning, and maintenance of SIEM platforms to enhance threat detection and reduce false positives.
• Team Leadership: Mentor and guide SOC analysts and engineers, providing technical direction, training, and performance feedback to improve team capabilities.
• Threat Intelligence Utilization: Integrate and leverage threat intelligence feeds to enhance detection rules, correlation logic, and incident response strategies.
• Process Improvement: Develop, refine, and implement SOC processes, playbooks, and standard operating procedures (SOPs) to ensure consistent and efficient operations.
• Reporting and Metrics: Generate and review reports on incident trends, SIEM performance, and SOC metrics, presenting findings to the SOC Manager and other stakeholders.
• Collaboration: Work closely with other IT and security teams, including network operations, cloud security, and compliance teams, to align SOC activities with organizational goals.
• Automation and Scripting: Promote and support the use of automation tools and scripts (e.g., Python, PowerShell) to streamline repetitive tasks and improve response times.
• Escalation Point: Serve as the primary escalation point for complex incidents, providing expertise and decision-making during high-severity events.
• Training and Development: Facilitate training sessions and knowledge-sharing initiatives to upskill team members and promote certifications.

Required Skills and Qualifications:

• Education: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field. A Master's degree or relevant certifications are preferred.
• Experience:
• 5-8 years of experience in cybersecurity, with at least 2-3 years in a SOC environment and 1-2 years in a leadership or supervisory role.
• Hands-on experience with SIEM platforms and incident response processes.
• Prior experience in a Security Operations Center or Managed Security Service Provider (MSSP) environment is highly desirable.

Benefits:

This position offers opportunities for professional growth and development in a fast-paced, dynamic environment. The ideal candidate will have strong leadership skills, excellent analytical and problem-solving abilities, and effective communication skills for reporting and collaborating with technical and non-technical stakeholders.

Keyword: Cybersecurity