Lead Analyst - SOC Monitoring (CPX)
Indexed description
Responsibilities
SOC Operations Management:
- Lead and manage daily SOC activities and ensure efficient monitoring of security systems.
- Oversee the triage, investigation, and resolution of security incidents.
- Ensure incident handling aligns with defined SLAs and escalation procedures.
- Coordinate and lead incident response efforts.
- Analyze and respond to complex threats using threat intelligence and advanced detection techniques.
- Oversee triage, investigation, and remediation of security events an incident.
- Lead major incident investigations and coordinate with other teams such as Incident Response, Threat Hunting, and CTI functions.
- Mentor and guide SOC analysts.
- Conduct training sessions and promote continuous learning.
- Manage and optimize SIEM tools and other security technologies.
- Ensure effective integration of tools for comprehensive monitoring.
- Correlate security events from SIEM, EDR, Firewall, IDS/IPS etc.
- Validate and fine tune detection rules, correlation searches, and threat models.
- Identify automation opportunities to reduce mean time to detect (MTTD) and mean time to respond (MTTR).
- Proactively identify threats lurking in the environment by conducting threat hunting exercises.
- Oversee vulnerability scanning and patch management.
- Work closely with CTI and Threat Hunters to integrate IOCs, TTPs, and MITRE ATT&CK coverage to enhance detection posture overall.
- Generate detailed reports on incidents, trends, and SOC performance.
- Ensure compliance with industry standards and regulatory requirements.
- Provide regular operational metrices and incident reports to senior management.
- Work closely with IT, Cloud, Application, Risk, and Security teams for cross-functional incident handling.
- Contribute to the development of security policies and procedures.
- Highly result oriented and able to work independently.
- Good analytical, technical, written, and verbal communication skills.
- Ability to multi-task in a fast-paced and demanding work environment.
- Comfortable with a high-tech work environment and constantly learning new tools and innovations.
- Self-motivated, curious, and knowledgeable ab information security news and current events.
- ISC² Certified Information Systems Security Professional (CISSP)
- CISM Certified Information Security Manager
- GIAC Certifications
- Minimum of 10+ years’ relevant experience or working in a large-scale ICT environment focused on Information/Cyber Security.
- High-level understanding of TCP/IP protocol and OSI Seven Layer Mode.
- Knowledge of security best practices and concepts.
- Knowledge of Windows and/or Unix-based systems/architectures and related security.
- Sound level of knowledge of LAN/WAN technologies.
- Must have a solid understanding of information technology and information security.
- Expertise in incident response and handling methodologies.
- Knowledge of Cyber kill chain, blockchain, and other IR frameworks.
- Knowledge of Defense-in-depth techniques.
- Knowledge of security event correlation and analytics tools.
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, covert channel, replay attacks, malicious code).
- Knowledge of which system files (e.g., log files, registry files, and configuration files) contain relevant information and where to find those system files.
- Experience with SIEM tool – preferably proficient with developing correlation rules, dashboards, and custom searches.
- Experience with automated incident response tools (PSTools, Sysmon, Carbon Black, etc.).
- Experience with packet capture and analysis (tcpdump/windump, Wireshark, etc.).
- Experience with host and network forensics.
- Strong understanding of security architectures and devices.
- Strong understanding of threat intelligence consumption and management.
- Strong understanding of root causes of malware infections and proactive mitigation.
- Strong understanding of lateral movement, footholds, and data exfiltration techniques.
- Experience with host and network practices of processing digital forensic data.
- Knowledge of forensic processes for seizing and preserving digital evidence (e.g., the chain of custody).
- Knowledge of server, network devices, security devices and diagnostic tools, and fault identification techniques
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search