Manager (SOC and Incident Management)

Management and Sustenance of Security Operation Centre

• Lead and manage Security Operations Centre
• Primarily responsible for security event monitoring, management, and response
• Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives
• Revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight the challenges in managing SLAs
• Responsible for team & vendor management, overall use of resources and initiation of corrective action where required for Security Operations Centre
• Management, administration & maintenance of security devices under the purview of ITRC which consists of state-of-the art technologies
• Develop review and updated use cases for security monitoring based on identified threat intelligence.
• Responsible for integration of standard and non-standard logs in SIEM
• Creation of reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
• Manage, implement & administrate security tools and controls are in place to detect vulnerabilities across infrastructure, services, and applications.
• Discover vulnerabilities and ensure mitigation actions are implemented in the defined time schedule.
• Create detailed technical review report and work with stakeholders in identifying Solution to fix.
• Responds to technical queries related to the reports and findings
• Develop and lead cyber threat intelligence efforts to identify and analyse long-term and short-term cyber threat actor groups, techniques, and tactics.

Management of Incident Management Program

• Coordinate resolution of complex technical problems with a variety of diverse applications
• Maintain incident logs describing the event, what occurred, timing, root cause and actions taken to resolve
• Prioritizing incidents according to their urgency and influence on the business.
• Logging all incidents and their resolution to see if there are recurring malfunctions.
• Generation of ad-hoc incident reports as necessary
• Updating escalation procedures and training manuals as required
• Provide written updates on issue status and next steps to business and IT partners
• Follow-up on incidents to ensure permanent corrective action has been identified.

• Proficient in Incident Management and Response
• Experience in security device management and SIEM (ArcSight, QRadar, Splunk, AlienVault)
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Experience in threat management
• Knowledge of various operating system flavours including but not limited to Windows, Linux, Unix
• Knowledge of applications, databases, middleware to address security threats against the same.
• Proficient in preparation of reports, dashboards, and documentation
• Experience in performing vendor management

Information Systems or Cybersecurity engineering or related field