Lead Analyst - SOC Monitoring (CPX)

Overview

SOC Operations Management

• Lead and manage daily SOC activities and ensure efficient monitoring of security systems.
• Oversee the triage, investigation, and resolution of security incidents.
• Ensure incident handling aligns with defined SLAs and escalation procedures.

Incident Response & Threat Management

• Coordinate and lead incident response efforts.
• Analyze and respond to complex threats using threat intelligence and advanced detection techniques.
• Oversee triage, investigation, and remediation of security events an incident.
• Lead major incident investigations and coordinate with other teams such as Incident Response, Threat Hunting, and CTI functions.

Team Leadership & Development

• Mentor and guide SOC analysts.
• Conduct training sessions and promote continuous learning.

Security Tools & SIEM Management

• Manage and optimize SIEM tools and other security technologies.
• Ensure effective integration of tools for comprehensive monitoring.
• Correlate security events from SIEM, EDR, Firewall, IDS/IPS etc.
• Validate and fine tune detection rules, correlation searches, and threat models.
• Identify automation opportunities to reduce mean time to detect (MTTD) and mean time to respond (MTTR).

Threat Hunting & Vulnerability Management

• Proactively identify threats lurking in the environment by conducting threat hunting exercises.
• Oversee vulnerability scanning and patch management.
• Work closely with CTI and Threat Hunters to integrate IOCs, TTPs, and MITRE ATT&CK coverage to enhance detection posture overall.

Reporting & Compliance

• Generate detailed reports on incidents, trends, and SOC performance.
• Ensure compliance with industry standards and regulatory requirements.
• Provide regular operational metrices and incident reports to senior management.

Collaboration & Strategy

• Work closely with IT, Cloud, Application, Risk, and Security teams for cross-functional incident handling.
• Contribute to the development of security policies and procedures.
• Highly result oriented and able to work independently.
• Good analytical, technical, written, and verbal communication skills.
• Ability to multi-task in a fast-paced and demanding work environment.
• Comfortable with a high-tech work environment and constantly learning new tools and innovations.
• Self-motivated, curious, and knowledgeable ab information security news and current events.

Qualifications

• Bachelor’s degree in engineering, computer science, information systems, or quantitative fields.
• ISC² Certified Information Systems Security Professional (CISSP)

• CISM Certified Information Security Manager

• GIAC Certifications
• Minimum of 10+ years’ relevant experience or working in a large-scale ICT environment focused on Information/Cyber Security.
• High-level understanding of TCP/IP protocol and OSI Seven Layer Mode.
• Knowledge of security best practices and concepts.
• Knowledge of Windows and/or Unix-based systems/architectures and related security.
• Sound level of knowledge of LAN/WAN technologies.
• Must have a solid understanding of information technology and information security.
• Expertise in incident response and handling methodologies.
• Knowledge of Cyber kill chain, blockchain, and other IR frameworks.
• Knowledge of Defense-in-depth techniques.
• Knowledge of security event correlation and analytics tools.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, covert channel, replay attacks, malicious code).
• Knowledge of which system files (e.g., log files, registry files, and configuration files) contain relevant information and where to find those system files.
• Experience with SIEM tool – preferably proficient with developing correlation rules, dashboards, and custom searches.
• Experience with automated incident response tools (PSTools, Sysmon, Carbon Black, etc.).
• Experience with packet capture and analysis (tcpdump/windump, Wireshark, etc.).
• Experience with host and network forensics.
• Strong understanding of security architectures and devices.
• Strong understanding of threat intelligence consumption and management.
• Strong understanding of root causes of malware infections and proactive mitigation.
• Strong understanding of lateral movement, footholds, and data exfiltration techniques.
• Experience with host and network practices of processing digital forensic data.
• Knowledge of forensic processes for seizing and preserving digital evidence (e.g., the chain of custody).
• Knowledge of server, network devices, security devices and diagnostic tools, and fault identification techniques