SOC Lead

16 hours ago


Mansoura, Egypt CyShield Full time

CyShield is hiring a SOC Lead to join the cyber security operations team. In this role you will lead security operations monitoring and respond to alerts and security incidents.

This position leads an operational team to conduct in-depth analysis of security events with the specific ability to identify Indicators of Compromise, perform intrusion scope and root cause analyses and implement triaging protocols to mitigate potential damage.

**Job Description**:

- Lead the Security Operations Center through day-to-day activity.
- Primarily responsible for security event monitoring, management and response
- Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
- Ensure compliance with SLA, process adherence and process improvisation to achieve operational objectives
- Revise and develop processes to strengthen the current Security Operations Framework, review processes and highlight the challenges in managing SLAs
- Responsible for team management, overall use of resources, shift scheduling and initiation of improvement action where required for Security Operations Center
- Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
- Responsible for integration of standard and non-standard log sources in SIEM
- Creation of reports, dashboards and metrics for SOC operations and presentation to senior management
- Coordinate with stakeholders, and build and maintain positive working relationships with them
- Responsible for reporting service KPIs to management
- Responsible for coaching of team members and on-boarding of new hires.

**Technical Skills**:

- Experience in security device management and SIEM (QRadar, Splunk, LogRhythm, etc.)
- In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, etc.
- Knowledge of security technologies such as anti-malware tools, forensics tools, firewalls, identity access management, IDS / IPS, multi-factor authentication, network devices, SIEM, threat intelligence, vulnerability scanners, monitoring tools, and web filters, on premises and in cloud environments, required
- Familiarity with network technologies and protocols (switches, routers, firewalls, VPNs, remote connection technologies, and multiple domain environments)
- Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix
- Proficient in preparation of reports, dashboards and documentation

**Job Qualifications**:

- Bachelor’s degree in engineering or computer science
- 6+ years of cyber security experience required
- 4+ years of experience in incident response handling and staff leadership.
- Demonstrated analytical, problem-solving, and critical thinking skills required
- Ability to work with little supervision and consistently deliver results required
- CISSP, CISM, CISA certification is a plus


