7 - 12 years

30 - 35 Lacs

Posted: 1 day ago | Platform: Naukri

Work Mode

Hybrid

Job Type

Full Time

Job Description


Roles and Responsibilities:

  • Serve as an escalation point for all Threat Analysts on shift for complex/unusual alerts/cases/requests/incidents.
  • Daily review of security alerts/logs with follow-up on any suspicious activity.
  • Basic understanding of forensics; hands-on experience with sandboxing.
  • Hands-on experience with, and rule revisions of, security solutions for phishing emails.
  • Review cases escalated by Threat Analysts to investigate, respond and remediate; ensure an effective flow of escalated cases; and conduct quality assurance of cases.
  • Mentor associate team members and contribute to streamlining SOC operations for continuous improvement.
  • Ensure an escalation flow in the Incident Management System; assist the team in developing the incident response strategy and then creating and assigning response actions to Threat Analysts as needed.
  • Perform investigation of network and hosts/endpoints for malicious activity, to include analysis of packet captures, and assist in efforts to detect, confirm, contain, remediate, and recover from attacks.
  • Proactively monitor, identify, and analyze complex internal and external threats, including viruses, targeted attacks and unauthorized access, and mitigate risk to IT systems.
  • Work in concert with team members, Information Security engineering, and relevant Subject Matter Experts to process, analyze and drive the remediation of identified IT-related vulnerabilities.
  • Responsible for following the IT Security Incident Response policies and tools.
  • Contribute to Information Security policies, standards, and supporting documentation.
  • Perform root cause analysis and troubleshoot complex issues with existing security and privacy protection protocols.
  • Responding to inbound security monitoring alerts, emails, and inquiries from the organization.
  • Providing support for Incident Response, including evidence collection, documentation, communications, and reporting.
  • Maintaining and improving standard operating procedures and processes.
  • Responsible for onboarding clients, both in cloud and on-prem.

Mandatory Skills required for the role:

  • Proven work experience as a Technical Support Engineer, Operation, System Admin or similar role.
  • Hands-on working experience with any SIEM tool (QRadar / AlienVault / McAfee ESM / DNIF).
  • 6 months to 1 year of L3 experience and team management is required.
  • Team Management and Network Management / Operations Management.
  • Good understanding of databases, security products (Firewall, IDS/IPS, AV, WAF) and other security products.

Desired Skills:

  • Networking concepts
  • Information security concepts
  • Windows troubleshooting and domain knowledge
  • Linux troubleshooting and domain knowledge
  • Data Analysis
  • Data Analytics for Security

Sisa Information Security

Information Security

Bengaluru
