Lead the Security Operations Center (SOC) team, including monitoring and responding to cyber-attacks. In addition, this position will be responsible for providing strategy, leadership, training, and mentoring to the SOC. The candidate will work with various technology and business stakeholders to ensure the secure, rapid delivery of business value.
- Lead the SOC to include: maintaining a multi-year strategy/roadmap, obtaining key stakeholder sponsorship, establishing governance, and driving the repeatable delivery of outcomes
- Manage core SOC capabilities: security monitoring use cases linked to threat intelligence/MITRE ATT&CK, triage investigation processes, and the incident response plan
- Leverage knowledge of attacks/investigations to establish a feedback loop; engage with and influence key stakeholders to enhance security posture
- Develop monitoring of, and report on, the health, effectiveness and efficiency of SOC services
- Manage SOC vendor relationships, to include the Managed Security Service Provider (MSSP) and Incident Response Retainer
- Clearly communicate vision, user stories, plans and project status to directs, management, and key business stakeholders
- Focus on the personal and professional growth of SOC staff by minting new analysts, engineers, and managers
- Accountable for internal/external audits of the SOC
- Follows all Bank policies and procedures, compliance regulations, and completes all required annual or job-specific training.
- Keeps current on emerging technologies and attacks
- May perform other duties as assigned
Supervisory Responsibilities: May supervise up to 6 staff and MSSP vendor
- Bachelor's Degree in Management Information Systems or Computer Science is preferred.
- 5+ years of hands-on experience in security monitoring and incident response
- 2+ years of management experience; ability to lead with a strategic vision and manage operations
- Experience with SIEM capabilities, Splunk preferred
- Hands-on experience with EPP/EDR, NetFlow, and vulnerability identification tools
- Experience with cloud service providers, Azure preferred
- Strong leadership skills; ability to structure unstructured problems and take command during an incident
- License/Certificate
- Must possess at least one of the following certifications: GCIH, GCIA, GCFA, CHFI
- May possess one or more of the following certifications: CISSP, GWAPT, CCNP, GCUX, GCWN