SOC Lead

Role Overview

Lead the Security Operations Center (SOC) team, responsible for the administration and operation of various security tools, including ArcSight SIEM, EDR, AV, Email Security, CSPM, and WAF. Ensure the availability of all SOC tools and maximize the return on investment in technology.

What You Will Do

Perform analysis of logs from various devices, develop use cases for anomaly detection, and lead modules within the SOC to improve detection and response capabilities. Develop and maintain technology architecture cost and return on investment (ROI) models, and handle 24*7 operations and support various SOC activities.

Why It Might Be a Fit

The ideal candidate will have a clear understanding of the MITRE framework and its operationalization across multiple functions of the SOC. They will be well-versed in logging standards, device onboarding, and log source integration, and have good communication skills and stakeholder management abilities.

Requirements

• ArcSight SIEM administration and operation
• EDR, AV, Email Security, CSPM, WAF administration and operation
• Custom/unsupported devices integration with ArcSight SIEM
• Content creation on SIEM to cover all stages of MITRE
• EDR, CSPM, MDO policy fine-tuning
• Design, develop, monitor, adhere to various SLAs/KPIs/KRIs applicable to Security Operations Centre
• Creation of customized reports and dashboards for presentation to various stakeholders
• Identify and address technical or operational risks
• SIEM and other security platform performance and capacity management
• Develop and maintain technology architecture cost and return on investment (ROI) models
• Good Communication Skill and stakeholder management
• Clear understanding of MITRE framework and its operationalization across multiple functions of SOC