Security Operations Center Lead
Job description
Serve as subject matter expert on incident detection, analysis, and response techniques.
Provide guidance to Security Operations Center (Level 1) analysts in execution of operational,
analysis, and cyber event response procedures.
Monitor Security Operations Center (Level 1) analysts’ performance investigating incoming events
and mentor analysts to improve detection capability at the SOC.
Support the Security Operations Center (SOC) by collaborating in use case development,
developing response processes and procedures, and performing continuous process
improvements, which may include documentation, mentoring, and/or training sessions.
Investigate complex events escalated by Security Operations Center (Level 1) analysts.
Review and perform vulnerability assessments.
Conduct proactive threat research.
Gather, manage, and disseminate situational intelligence to all SOC personnel.
Establish and maintain excellent working relationships/partnerships with the cyber security and
infrastructure support teams throughout the Information Technology organization, as well as
business unit stakeholder SMEs.
Coordinate efforts among multiple business units during response.
Must comply with any regulatory requirements.
Must commit to continuous information security skill development.
Job Requirements
4+ years of experience working in a Security Operations Center, and at least one year as SOC Lead.
Deep understanding of all operating systems, virtualization technologies, network devices,
cloud computing concepts, web proxies, firewalls, Data Loss Prevention systems, Intrusion
Detection/Prevention Systems, antivirus systems, and vulnerability assessment tools (Nessus,
QualysGuard, etc.).
Familiarity with hacking techniques, methodologies, tactics and procedures.
Comprehensive understanding of network protocols including TCP/IP, UDP, DHCP, FTP, SFTP, ATM,
SNMP, SMTP, SSH, SSL, VPN, RDP, HTTP, and HTTPS.
Experience working with SIEM technologies (Splunk preferable).
Exceptional information analysis abilities; ability to perform independent analysis and distill
relevant findings and root cause.
Ability to identify themes and trends from large data sets.
Strong customer service skills and decision-making skills.
Exhibit initiative, follow-up and follow through with commitments.
Ability to support and work in a team environment.
Strong analytical writing skills to articulate complex ideas clearly and effectively; experience
creating and presenting documentation and management reports.
Strong oral communication skills.
Ability to manage multiple tasks, priorities, and operational assignments in a high pressure
environment.
Understanding of IT security and the ability to apply risk management principles in all aspects of IT
security.
Education & Certifications
B.E./B.Tech./MCA or MS in Information Security.
GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC
Certified Forensic Analyst (GCFA).
CISSP certified/qualified or ability to pursue obtaining this certification within six months of hire.
CompTIA Security+, Cisco Certified Security Professional/Associate, CEH, ISO 27001 LA/LI.
Certifications in Splunk Security app, HP ArcSight, IBM QRadar, or other SIEMs.