Security Operations Centre (SOC) Lead

1.1Overview

DNEGs Information Security (InfoSec) program has the requirement to build an internal Security Operations (SecOps) function in order to successfully preserve the confidentiality, integrity and availability (CIA) of its, and clients, confidential data, PII and systems and services. The overview of the SecOps program is listed below.

The building block in actualizing the SecOps function, will be to recruit a seasoned Security Operations Centre (SOC) Lead/Engineer to assist with applying the following crucial requirements:

Assisting with operationalizing the companys ISMS framework onscale.

Experience with working with numerous security and audit frameworks and ensuring operational efficiency of delivering against these crucial compliance and governancerequirements.

Assisting with architecting an optimal operational support model to monitor, detect, investigate and mitigate/minimize/manage key risk indicators and output derived from the companys IT infrastructure, identity and data services.

Identifying, hiring, maturing and managing the SecOpsteam.

Applying critical incident response action and suitable escalation to contain and minimize verified compromise.

• Manage daily/BAU operational securityoperations.
• Mature and develop the SOC processes and responsible for building the SOCfunction.
• Develop and maintain SOC operational processes and runbooks. Identify gaps and ensure that all necessary information and security telemetry is continuously being collected, correlated, aggregated and analyzed to detect potential cybersecurity risk toDNEG.
• Develop and implement SECOPS key performance indicators (KPIs) to ensure that optimum service delivery is being met.
• Work proactively, independently and partner with other internal teams to further streamline and mature allSECOPS processes andprocedures.
• Responsible for BAU day to day management of the SOC and ensure that daily operation activities are running at optimumperformance.
• Act in a leadership capacity and nature and build the effectiveness, partnerships and collaboration within the team and with peers andstakeholders.
• Responsible for ensuring that all cybersecurity detection, response, and recovery processes and procedures are up-to-date, relevant and adheredto.
• Responsible and accountable of the managing all aspects related to cyber security incident management andresponse.
• Develop and provide applicable reporting operating metrics demonstrating all facets of the SECOPs function and role withinDNEG.

A successful candidate will meet the majority of the requirements listed below and will be able demonstrate suitable experience in competencies in each of the following:

Ten years, plus/minus, of successfully building, developing and operationalizing a SecOps/SOC function within a highly technical and complex operatingenvironment.

In-depth experience and knowledge of all facets of cybersecurity operations, incident response (IR) management, processes and procedures andinvestigations.

Strong leadership and operational management skills and be able to demonstrate previous and/or current experience of building and maturing a SecOpsfunction.

Excellent, and demonstrable, technical knowledge, application and experience with thefollowing:

• Network Security: Firewalls, IDS/IPS, Proxy Servers, Email and Web ContentFilters.
• Anti-Virus/Malware Mitigation (EPP): Signature and signatureless EPPsolutions.
• Access Control Concepts andApplication.
• DLPSolutions
• Operating Systems: MS Windows (Client and Server O/S); multiple LINUX distributions, MacOSX

Excellent and demonstrable, technical knowledge, application and experience with thefollowing:

• Security data analytics andreporting.
• SIEM, security data aggregation and correlation knowledge. Defining SIEM rules and downstream monitoring and detection processes.
• MITREframework

Knowledge and experience of working with the following Information Securityframeworks:

oISO27001:2013

• PCI/DSS
• CIS
• NIST

Excellent knowledge of identity management systems and processes and be familiar with both existing and emerging threats as they pertain toIdAM.

Excellent knowledge and experience of using vulnerability assurance management toolsets andservices.

Excellent knowledge and experience of network and application penetration testing methodologies andpractice.

Enhance and mature existing applied InfoSec technologies that are utilized for the SecOpsfunction.

Knowledge of privacy compliance and privacy frameworks and their applicability to a SecOps function wouldbe desirable, e.g.,GDPR.

Strong knowledge and demonstratable experience of Cloud Security (especially SaaS and PaaS), concepts and application.

Demonstrate experience of being able to fulfil requirements and prioritizeworkstreams.

A strong team player who also works effectively in an independentcapacity.

Highly motivated and bring a forward thinking and highly collaborative approach to the SecOpsfunction

• A bachelors degree in IT or ComputerScience
• Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA); CISM, IISP, or other equivalent Security certification/accreditation isdesirable