Sr. Manager - Cyber Defense/ Security Operations Center

• Lead and manage Security Operations Centre
• Must be hands on in terms of creating detection logic, monitoring alerts etc
• Primarily responsible for security event monitoring, management and response
• Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
• Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives
• Provide input/review and development of security and compliance controls and vulnerabilities against policies, standards, and frameworks in the following frameworks such as ISO 27001, SOC2, and PCI
• Conduct manual validation to confirm vulnerability closure
• Revise and develop processes to strengthen the current Security Operations Framework
• Regularly review standard operating procedures and protocols to ensure SOC continues to effectively meet operational requirements
• Responsible for team & vendor management, overall use of resources and initiation of corrective action where required for Security Operations Centre
• Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring
• Continual process improvement in infrastructure security assessments, reporting and remediation to reduce risk.
• Creation of reports, dashboards, metrics for SOC operations and presentation to Sr Mgmt.
• Routinely engage with cross functional teams to evaluate SOCs ability to meet stakeholder needs
• Evaluate existing technical capabilities and systems and identify opportunities for improvement
• Oversee training and exercises to ensure SOC team proficiency, conduct after action reviews to identify lessons learned and best practices
• Work closely Security Leadership to identify implement process changes, improvements and efficiencies and ensure solid security practices
• Develop communication channels with technology owners and the business to evangelize the evolving threat landscape
• Perform analysis to validate justifications for false positives, operational requirements, and risk adjustments
• Serve as subject matter expert for vulnerability management issue resolution
• Communicate vulnerabilities, solutions, and enterprise trends to all levels of an enterprise - both technical and non-technical resources
• Administer security infrastructure including intrusion detection, data loss prevention, anti-virus
• Administer endpoint security controls
• Evaluate key threat intelligence feeds, assesses risk, and recommends actions for cybersecurity operations improvements
• Advise IT teams regarding patch notifications, initial risk assessment, eligible systems, and deployment requirements
• Perform assessment of internal and third-party cybersecurity risk
• Support responses to customer inquiries about Saviynt compliance related to IT and Security
• Interface with external auditors in managing ongoing compliance and audits as it pertains to SOC activities
• Work with leading Cloud Service Providers (CSPs) to validate vulnerability management security posture of their products and services
• Monitor and maintain enterprise security scanning tools

Qualifications

• Subject matter expert in Cyber Defense / SOC, cloud/server infrastructure security
• Bachelor of Science degree in Computer Science or related field is required
• Around 10+ years security incident response experience
• Excellent analytical thinking and problem solving skills
• Experience in vulnerability program management
• Working experience with AWS, Google Cloud Platform or Microsoft Azure
• Working experience with a major scripting language is desirable
• Prior experience as a SOC analyst/ SOC Engineer is of paramount importance, to demonstrate hands-on capabilities
• Must have excellent written, communication and verbal skills to assist with communications with other teams and writing executive summaries based on work output
• Ability to lead, influence and collaborate with remote team members, proven delivery, remediation and incident response background
• Solid background in security incident response and vulnerability management
• Self-starter and outcomes oriented, can work with minimal supervision but knows when to escalat

• Data Classification, Retention & Handling Policy
• Incident Response Policy/Procedures
• Business Continuity/Disaster Recovery Policy/Procedures
• Mobile Device Policy
• Account Management Policy
• Access Control Policy
• Personnel Security Policy
• Privacy Policy