Lead - Security Operation Center

1) Cyber SOC framework Assessment and Implementation Cyber SOC Framework, Develop strategic goals for the SOC that align with the organization’s overall security strategy

Prepare list of all devices across LOB'. Finalize the list which will then integrate with SIEM. Tag each device with severity. In addition to this, will do assessment of critical devices & implement threat modeling as discussing with all CISO's. Use case finalization with severity and playbook having details of RACI matrix.

2) Implementation and Maintenance of SIEM Platform -

• Assessment, Integration & Implementation of devices with SIEM. Integrate 100 % Devices/log sources and all relevant use cases. Define and Implement threat modeling for all the businesses.

3)Collaboration and Communication

• Liaison with Stakeholders: Act as a bridge between the SOC and other departments, ensuring alignment on security initiatives.
• Reporting: Provide regular updates to senior management on security incidents, trends, and overall SOC performance.

4) SIEM Engineering and Policy Development

• Establish Security Policies: Develop and maintain policies related to incident response, vulnerability management, and compliance with regulatory requirements.
• Compliance Monitoring: Ensure that all security operations adhere to legal and regulatory standards.

5) Continuous Improvement

• Evaluate Security Technologies: Stay updated on the latest cybersecurity trends and technologies, implementing new tools as necessary to enhance SOC capabilities.
• Post-Incident Analysis: Conduct reviews after incidents to identify lessons learned and improve future response efforts.

6) Dashboards and Reporting - ITSM tool workflow, Dashboards, Playbooks preparation

Implement ITSM tool with SIEM events. Severity tagging with event categorization has to be reflect in ITSM.. Need to use ITSM tool as part of knowledge database like Playbooks, Run books, Guidelines, Incident Samples.