Security Operations Center Supervisor

Posted:
8/8/2024, 5:00:00 PM

Location(s):
Departamento de San Salvador, El Salvador

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

We are the leading provider of professional services to the middle market globally. Our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM.

Position Description

As a SOC Supervisor within the managed security services practice, you are responsible for developing strong working relationships with clients built on understanding their businesses and challenges. You will lead a centralized and geographically dispersed team of security operations personnel conducting defensive cyber operations aligned to either a day or evening shift, ensuring consistency of service delivery and a smooth transition between shifts. You will also work across multiple client accounts and teams within a wide variety of industries. You will be responsible for managing a number of senior analysts, shift leads and analysts working within the security operations center. SOC Managers typically have 5-7 years of experience in the responsibilities listed below.

Responsibilities

  • Operating and leading assigned shifts and continually maturing the security operations center activities

  • Planning, directing, and managing day-to-day activities across the Security Operations Center as well as high-tempo, high-visibility incident response efforts

  • Driving implementation and adoption of new tools, capabilities, frameworks, and methodologies across all teams within the SOC

  • Providing consolidated reporting and dashboards to operational leadership and clients 

  • Working with the recruiting team to conduct technical interviews of potential analysts

  • Demonstrating the ability to manage security operations teams, identifying necessary skill sets and opportunities for continued team member professional growth

  • Providing leading practice recommendations in security operations, incident response, vulnerability management and automation

  • Understanding native monitoring tools available from common cloud platforms

  • Supporting simple to complex enterprise managed security solutions for a variety of business use cases and requirements

  • Guiding and mentoring client counterparts through the ongoing operational activities

  • Mentoring and directing junior analysts, conducting quality reviews of their activities, providing direction and serving as a technical leader if needed

Skills and Experience

A successful candidate will have good attention to detail, troubleshooting skills, the ability to learn new technologies, functionalities, and processes quickly and the ability to work on their own as well as within a small team.  Candidates should demonstrate willingness to go the extra mile for the team's success. They will be a leader, problem solver, creative thinker and interested in learning their clients' business.

Basic Qualifications

  • Bachelor's degree or higher

  • 3-8 years of related work experience, specifically 5+ years of security operations center experience operating in the cloud and/or on premise 

  • Proven experience leading security operations center teams including interacting with external client teams and supporting operational protocols 

  • Project Management abilities to complete a project action item, create a new project including plans and action items, manage a delegated project and present a project review to an audit team, executive leadership, or clients

  • Training & Documentation skills for building new incident handling procedures, conducting a training presentation, providing constructive feedback to fellow analysts on events, and reviewing and updating incident handling documentation

  • Accountable for the timeliness and quality of reporting produced by the SOC

  • Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations

  • Experience using the ServiceNow suite for overall security operations workflow management

  • Experience with leading SIEM technologies such as Splunk, LogRhythm, Sentinel, and Elasticsearch, Logstash, and Kibana (ELK)

  • Experience building and maturing security operation center capabilities and operations

  • Experience serving complex architectures and environments (cloud, on-prem or hybrid)

  • Experience with various automation platforms such as security orchestration and automated response (SOAR) tools

  • Ability to communicate effectively, both in writing and verbally

  • Ability to interact effectively with internal and external resources at all organizational levels

  • Excellent project management, organization, and follow-up skills

  • Strong critical thinking and problem-solving skills

  • Fluent in Spanish and English (Excellent English writing and speaking skills)

Preferred Qualifications

  • Common cloud platforms – Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform

  • SOAR tools such as: Shuffle SOAR, Demisto, Phantom, etc. 

  • Knowledge and proficiency with popular cloud security services (VPC, RDS, IAM, WAF, IDS/IPS, AS3, SQS, SNS, CloudWatch, CloudTrail, Inspector, Config, etc.)

  • Vulnerability tools such as: Kenna, Tenable, Qualys, Patrowl etc.

  • Threat intelligence tools such as Recorded Future and MISP

  • Endpoint detection/HIDS tools such as: CarbonBlack, Crowdstrike, Wazuh etc.

  • Microsoft 365 logging

  • Cloudflare, Akamai, Imperva, Fastly

  • Cloud access service brokers such as Netskope, ZScaler, McAfee, Forcepoint

  • Containers (Kubernetes, Docker) and security leading practices

At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/el-salvador.html.

RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Salvadoran Army; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at [email protected].