AVPSr Manager Manager Security Operations Center with Large Private Bank

• Align with the SOC maturity roadmap and assign priorities for implementation.
• Driving creating use cases for new scenarios and/or fine tuning the existing scenarios.
• Help create play books in SOAR for various use cases that Tier 1/Tier 2 teams.
• Provide overall direction for the SOC function and input to the overall cyber defense strategy.
• Collaborate and create synergies within the cyber team and wider IT function.
• Ensure SOC function is delivering the core monitoring threat detection and response activities adhering to the defined SLAs and SOPs.
• Help drive upskilling of existing SOC team members in new cybersecurity technologies.
• Continuously monitor the effectiveness of incident detection and response solution and provide improvement inputs to SOC Architecture and Engineering teams.
• Measure and mature the SOC service SLAs/KPIs from time to time.
• Continuously work with technology teams to integrate new feeds into SIEM.
• Broad knowledge of cybersecurity functions beyond traditional SOC operations (e.g. vulnerability management application security penetration testing data protection identity and privileged access).
• Working knowledge of incident ticketing platforms
• Should possess hands on experience of security Information Event Monitoring (SIEM) platforms Endpoint Detection and Response (EDR) platforms Network Security Monitoring (NSM)/Network Detection and Response (NDR) platforms and other leading tools and technologies of Cyber Defence domain.
• Working knowledge of security alert triage and analysis methods (e.g. use of correlations behaviors and patterns pivoting enriching alert data and providing remediation recommendations)
• Experience with threat hunting and threat hunting methodologies
• Experience with cybersecurity incident response coordination and methods
• Experience integrating cyber threat intelligence with security monitoring processes and threat hunting
• Knowledge of detection rule logic management (e.g. creation tuning and management methods)
• Knowledge of cybersecurity frameworks (e.g. Mitre ATT&CK VERIS Cyber Kill Chain Diamond Model and other frameworks)
• Knowledge of cloud infrastructures and cloud security monitoring (Azure AWS and GCP)
• Knowledge of network communication concepts including ports protocols and encryption
• Plan direct and control the SOC functions and operation
• Ensure the monitoring and analysis of incidents to protect People Technology and Process addressing all security incidents and ensuring timely escalation.
• Direct the Cyber Intelligence capability to identify potential threats delivering strategic reports and strategies to minimise the impact of the threat.
• Ensuring incident identification assessment quantification reporting communication mitigation and monitoring
• Ensuring compliance to policy process and procedure adherence and process improvisation to achieve operational objectives
• Revising and develop processes to strengthen the current Security Operations Framework Review policies and highlight the challenges in managing SLAs
• Responsible for overall use of resources and initiation of corrective action where required for Security Operations Center
• Ensuring threat management threat modeling identify threat vectors and develop use cases for security monitoring
• Creation of reports dashboards metrics for SOC operations and presentation to Sr. Mgmt.
• Coordination with stakeholders build and maintain positive working relationships with them
• Be a thought leader in security engineering and operations delivery driving automation analytics and advanced threat analysis.
• Oversee technical delivery assessing and continually improving output and ensuring processes are developed and adhered to drive operational excellence.
• Benchmark analyze report on and make recommendations for the improvement and growth of the Next Generation infrastructure and systems.
• Participate in quarterly business reviews with vendors and customers.
• Manage the deployment monitoring maintenance development upgrade and support of all Client managed systems operating systems hardware and software.
• Keep current with the latest vendor updates expansion opportunities and technology directions utilized in the Clients environment.
• Collaborate and consult with other Group Managers on the overall advancement of the Emerging Services organization and Optiv in general.
• Establish operational foundations defining metrics and KPIs to drive governance quality and efficiency. Influence and improve existing processes through innovation and operational change.
• Manage staffing including recruitment supervision scheduling development evaluation and disciplinary actions.
• Develop and maintain an educational environment where the knowledge and performance of the group is constantly advancing.
• Perform annual staff appraisals.
• Develop and mentor staff through open communication training and development opportunities and performance management processes; build and maintain employee morale and motivation.
• Ensure incident identification assessment quantification reporting communication mitigation and monitoring.
• Drive the implementation of emerging threat intelligence (IOCs updated rules etc.) to identify affected systems and the scope of the attack.
• Implement standards and procedures to ensure alerts are addressed with relevancy accuracy and in a timely manner
• Operate autonomously to further investigate and escalate in accordance with policies procedures and defined processes

Educational Qualification

• Engineering graduate from Computer Science IT Telecommunication or a similar discipline
• PostGraduation: PGDIT MCA MBA

Key Skills

• Certification like CISSP CISA or CISM
• Ability to handle senior management escalation.
• Vendor management Skills
• Effective communication
• Proficient team leader
• Strategic skills
• Decision making and communication.
• Risk management skills
• Knowledge of latest cyber security trends & global industry best practices pertaining to financial Industry
• Technical working knowledge understanding of SIEM technology various other security technology (EDR NDR HIPS WAF IDS IPS Firewall Networking) etc.

Experience

• Overall 12 15 year on experience in Information/Cyber Security experience working in a SIEM tool (NextGen SIEM UEBA etc.) with strong background in security incident monitoring response and operations.
• Experience in managing 24x7 Cyber Security Operations Center (CSOC) for 5 years managing teams from Leadership level primarily involved in Cyber Defense
• Experience in managing 20 members team which may include vendor teams.
• Certification like SANS OSCP/OSCE and CREST will be added advantage (CEH Security OSCP CISSP or other industryrelevant cybersecurity certifications and ITIL V3.0 GIAC (e.g. GCIA GCFE GCIH) ISC2 (e.g. CCSP) or ECCOUNCIL (e.g. CEH) preferred. Etc.)

CISA , CLOUD SECURITY , CYBER SECURITY , AWS , OSCP , CEH , CISSP , CISM , NETWORKING , GIAC , AZURE