Security Operations Center (SOC) Manager
Location: Eatontown, NJ
The SOC Manager will plan, direct and control the functions and operations of the 24/7 Security Operations Center (SOC), monitoring and analyzing security incidents to protect client information and assets from unauthorized access, misuse, modification or destruction. The role develops and maintains an incident response program that addresses all security incidents and ensures timely escalation to the appropriate business units for validation and investigation. It ensures adherence to regulatory compliance and to the federal and state laws governing information security, the customer identification program, and personally identifiable information and assets. The SOC Manager monitors all intelligence sources to identify potential threats or compromises that may target the client and develops proactive strategies to minimize the impact of those threats.
ESSENTIAL DUTIES AND RESPONSIBILITIES (MAY INCLUDE THE FOLLOWING; OTHER DUTIES MAY BE ASSIGNED):
- Lead and manage a 24x7x365 Security Operations Center providing technical oversight.
- Lead staff to proactively identify, prevent and respond to security incidents.
- Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
- Ensure compliance with Service Level Agreements (SLAs), process adherence and process improvement to achieve operational objectives and mitigate threats.
- Revise and develop processes to strengthen the current operational activities; review policies and recommend changes to improve governance.
- Responsible for team management, personnel scheduling, overall use of resources and initiation of corrective action where required for Security Operations Center.
- Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring.
- Responsible for integration of standard and non-standard logs into the SIEM.
- Lead the development and testing of use cases for monitoring and alerting.
- Lead technical meetings and workgroup sessions with relevant SMEs.
- Research and assess the SIEM tool capabilities and functionality of new or existing cloud platforms and perform gap and/or integration analysis as needed.
- Recommend specific tools and processes to maximize security monitoring and response capability.
- Create reports, dashboards and metrics for SOC operations and present them to the client.
- Coordinate with stakeholders to build and maintain positive working relationships; this includes subordinate SOCs supporting the organization.
- Maintain detailed notes within Operational Management systems on all security issue resolution activities.
- Maintain customer technical information within defined documentation standards.
- Prepare reporting for customer QBRs and lead discussions on data analysis and trending.
- Obtain and maintain technical/professional certifications applicable to the position or as directed.
- Manage and maintain security monitoring and alerting systems.
- Assess and identify appropriate solutions to be integrated into systems operation and make recommendations for implementation and troubleshooting.
- Communicate with customers, peers, team and managers regarding incident and change management.
- Provide emergency on-call support on a rotating schedule.
- Perform other duties as assigned.
Minimum Education and Experience:
- Bachelor's Degree in Computer Science, Information Security, or a relevant field.
- 3+ years of experience with event/alert management, incident and change management processes.
- 3+ years of experience with Command and Control (CnC), Indicators of Compromise (IoC), DDoS, email phishing, brute force attacks and event log analysis.
- 3+ years of experience in Security Management and SIEM (e.g., Splunk, OSSIM, AlienVault).
- 3+ years of experience in a SOC environment.
- One or more relevant security certifications achieved (CISSP, GCIA, GCIH, GMON, etc.).
- 2+ years of experience with Incident Response tactics and tools.
Preferred Education and Experience:
- 2+ years of experience with Network Management Tools (e.g., Vistara/OpsRamp).
- 2+ years of experience in a management role leading a technical team.
- 2+ years of experience with Ticket Management Tools (e.g., ConnectWise).
- 2+ years of experience with Cisco Umbrella, ISE, Firepower, Cloudlock, IDS/IPS, AMP, Cisco Email Security, etc.
OTHER SKILLS AND ABILITIES:
- Excellent Interpersonal Skills (develop and maintain strong working relationships)
- Strong work ethic
- Strong communication skills
- Ability to prioritize tasks
- Strong organizational skills
- Occasional overtime may be required
- Basic telephone operation skills
- Excellent customer service skills
- Familiarity with ITIL Processes
- Proficiency in Microsoft Office programs and ability to learn specialized system tools
- Ability to multi-task in a fast-paced environment
- Detail oriented with strong written and verbal communication skills
TRAVEL: Limited to no travel.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee frequently is required to stand; walk; and use hands to finger, handle, or feel objects, tools, or controls. The employee is occasionally required to reach with hands and arms. The employee must occasionally lift and/or move up to 35 pounds. Specific vision abilities required by this job involve normal vision.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The noise level in the work environment is usually quiet to moderate.