Manager - Threat Hunting
Indexed description
Job Purpose:
- Administration:
- Leads the administration of SOAR (Security Orchestration and Response solution) solutions within the Cyber Defense Center, enhancing the efficiency and effectiveness of an organization’s security operations through the use of automation and orchestration.
This role involves working closely with the security operations team to develop automated workflows, integrate various security tools, and respond to security incidents efficiently
SOAR Manager effectively streamlines security operations, improve incident response times, and enhance overall cybersecurity resilience
Key Result Areas:
- Technical Proficiency: Deep understanding of security technologies, including SOAR (Security Orchestration and Response solution) platforms, threat intelligence platforms, SIEM solutions and other cyber monitoring tools and technologies.
- Design, implement, optimize security workflows, Create automated playbooks and ensure proper orchestration between multiple security tools and systems
- Automation and Scripting: Proficiency in scripting languages such as Python, PowerShell, or Bash to automate repetitive tasks and integrate different security tools.
- Incident Response: Strong knowledge of incident response processes and frameworks, including the ability to coordinate response efforts during security incidents.
- Analytical Skills: Ability to analyze complex security data, identify patterns, and make informed decisions to enhance security operation.
- Project Management: Experience in managing projects, including planning, execution, and monitoring of SOAR implementations and improvements.
Key Principles:
- Alignment with Business Priorities: Provide strategic direction and oversight for the SOAR process, ensuring alignment with organizational goals and objectives
- Ownership and Accountability: The SOAR Manager takes full responsibility for activities and the department’s, holding self and team accountable for their outcomes.
- Driving SOAR Maturity Enhancement: Proactively drives initiatives that enhance incident response and resilient cyber posture.
- Focus on Outputs and Impact: Focus on delivering outputs that create meaningful impact such as enhanced security culture and protection posture of the bank.
- Innovation and Automation: Continuously seek innovative solutions and automated processes for efficiency.
- Continuous Learning and Improvement: Committed to learning from experiences and continuously improving the processes and outcomes.
Operating Environment, Framework and Boundaries, Working Relationships:
- HO (Head Office), Local CISOs, Regulators and Supervisors across the bank
- Cyber Security Standards and Industry best practices
- All business units including LOD 1-3 including LOD1 – Business, DPP, Technology, LOD-2 Group Compliance, Fraud Prevention, Risk Management and LOD-3 Internal Audit.
Problem Solving:
- Analytical Thinking: The ability to break down complex problems into manageable parts and analyze them systematically is crucial for identifying security threats and vulnerabilities.
- Technical Proficiency: Deep understanding of security technologies, protocols, and tools is essential for designing and implementing SOAR solutions.
- Creativity: Innovative thinking helps in developing unique solutions to security challenges, especially when standard approaches are insufficient.
Decision Making Authority & Responsibility:
- SOAR Manager is a SME role who has overall responsibility for SOAR processes withing the Security Incident Response domain and supporting the Head of Cyber Defense Center to achieve organization’s Information Security strategy and goals.
- Confirm adequacy of the process controls against Security Incident response policies, standards and applicable regulatory requirements.
Knowledge, Skills, and Experience:
Essential knowledge
- Have over 8+ years of rich experience in information security domain and at least 4-6 years of dedicated experience in Security Incident Response using SOAR solutions.
- Hands on experience in implementing and operationalizing SOAR tools preferably on Sentinel or Splunk SOAR, Palo Alto Cortex XSOAR, or IBM Resilient
- Familiarity with advanced SOC monitoring technologies, risk, threat and security measures.
- Knowledge across the SOC domains including governance, control frameworks, policies, compliance management, risk management and incident response etc.
- Preferably worked in BFSI domain with proven experience in SOC function.
- Knowledge of key security standards and regulations such as NIST 800-61, CERT/CC, PCI, ISO 27035 etc.
Skills and Application
- Automate potential resilient security processes to ensure continuous compliance with security best practices.
- Maintaining up-to-date knowledge of security trends, threats, and countermeasures
- Assess and design security posture SOAR solutions, tools and methodologies
- Reviewing use cases/playbooks for SOAR tools
- Continuously monitor security hygiene and performance using tools and processes
- Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilience
- Other
- Sound knowledge of evolving advanced tech stacks and related control and risk universe from a SOC perspective.
- The ideal candidate will have a technical or computer science degree.
Professional certifications: GCIH, CISSP, CEH etc.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search