SOC Manager / Head of SOC | IT Recruitment

  • Full Time
  • Midrand

Main purpose of the role:

The SOC Manager is in charge of directing and improving the company's 24×7 SOC threat monitoring and response operations. The responsibilities of the SOC Manager include implementing and advising on cyber security strategies, including threat handling, incident management, threat investigations, building standard processes and procedures (SOPs) and playbooks, and additional security initiatives, in order to deliver a valuable security experience to our clients across the world.

The role includes leading cyber security staff, including the assessment, hiring, training, and development of the SOC personnel, as well as building and improving the SOC threat handling and reporting processes in alignment with global standards, playbook development, cross-team synchronization, and the development of a robust and effective cyber security culture.


Required minimum education and work experience:

Skills and attributes for success:

  • In-depth knowledge of cyber-attacks and techniques, threat vectors and risk management
  • Excellent communication and leadership skills
  • Solid analytical, problem-solving and interpersonal skills
  • Solid experience in process development (SOP) and technical writing for security
  • Solid experience in incident management, threat management and threat response
  • Solid experience in preparation of security reports, dashboards and documentation
  • Solid experience working with and delighting external and internal customers
  • Good experience in SIEM (QRadar\QRoC, Azure Sentinel), EDR and SOAR technologies
  • Good ability to handle high pressure situations
  • Good experience with VAR, consulting, or another equivalent
  • Thrive and enjoy working in a fast-paced environment, surrounded by brilliant and like-minded people

Minimum Qualifications/Technical and Educational Requirements:

  • A bachelor’s degree or equivalent work is required
  • 5+ years of leadership/management experience
  • 10+ years relevant experience in the cyber security field
  • MSSP SOC leadership/management experience
  • Cyber Security Certifications one or more: CEH, CISSP, GCIH, GSEC, GCIA, GMON, or equivalent
  • Knowledge of: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM)
  • Knowledge of security standards, including CREST, NIST, ISO27001, ASD, PCI DSS would be desirable


Job level:

  • Level 3


Level of leadership:

  • Level 3


Reports to [role]:

  • VP Threat Intelligence & Platforms


Internal contacts

  • SOC Team Leader
  • SOC & MDR Team Members
  • SIEM Engineering Team Lead
  • VP Threat Intelligence & Automation Platforms
  • Service Delivery Management
  • Product & Solutions Management


External contacts

  • Global clients
  • Vendor technical support
  • Suppliers


Key performance areas

  • SOC/MDR People
  • Threat Handling & Reporting Processes
  • Know Your Client & Commercials
  • Global Standards & Compliance
  • Customers & Team Members Onboarding \ Deboarding


Responsibilities:

SOC/MDR People:

  • Agree on the basic skills and job profile of SOC analyst L1, L2 and lead
  • Define job descriptions for team members and set the standard for expected quality
  • Assess team members' performance and improvement over time (in accordance with the SOPs and the quality expected)
  • Plan the team 24×7 shift schedules
  • Develop the team capability by introducing new processes, teaching and developing new skills (in alignment with Global Learning and Development Manager)
  • Indoctrinate an approach of well-formatted, quality and accurate incident handling and reports, and their improvement over time
  • Recruit and assess analysts to fulfil job vacancies (in alignment with the budget)
  • Measure and advise on SOC capacity per workload and on new positions\budget that may need to be opened\adjusted
  • Develop and maintain accurate visibility into the SOC budget

Threat Handling & Reporting Processes

  • Handle and direct client requests and escalations
  • Provide long-term or short-term (bridge) processes to provide security value to clients
  • Build and update threat handling and reporting processes aimed to deliver security value to clients
  • Implement, document and indoctrinate threat handling and reporting processes (SOPs) in a scalable manner
  • Assess periodically the threat handling & reporting process for improvements
  • Consult with colleagues and peers (SOC Team lead, Engineering, VP Threat Intel\Platforms) on process improvement ideas as needed
  • Raise and record ideas for automation and improve manual processes
  • Improve and prioritise processes per customer feedback or idea, assess with colleagues and the broader team as needed
  • Document processes (SOPs) and indoctrinate them as SOP to the team
  • Coordinate and bridge P1 incidents with clients with the help of the Team Lead and the broader team

Know Your Client & Commercials:

  • Assess periodically the SOC packages, service specifications and the associated effort with the SOC for improvements and efficiencies to provide effective cyber defence
  • Standardise the service offering, its descriptions, associated effort, in and out of scope items with Product and Engineering teams
  • Meet with clients regularly or ad-hoc to understand their security challenges, assess their feedback against the service deliverables and record their improvement ideas
  • Represent and evangelise the SOC in client meetings as needed, but also advise when this may become a distraction
  • Address client concerns and negotiate short-term and/or long-term solutions to solve problems
  • Keep the SDM team informed of client requests or any updates on delivery that addresses a client ask or concern
  • Act as a gatekeeper of potential ‘feature creep’ that clients may request

Global Standards & Compliance

  • Assess the security standards the SOC should adhere to as defined by the business strategy
  • Create a backlog of processes and an associated timeline to support the standard\s that are in scope
  • Develop and document processes in alignment with the standard
  • Coordinate and liaise with external security auditors as needed

Client & Team Members Onboarding \ Deboarding:

  • Assess the customer onboarding and deboarding process for new and leaving customers and the hand-over processes across teams
  • Improve the customer on-boarding process with the broader team (Engineering and Sales Engineering)
  • Test newly on-boarded customers' environments (process, technology) to ensure that systems and services are working correctly
  • Escalate as needed any on-boarding issues in customers' environments to the internal teams or the client
  • Contribute ideas for improvements to on-boarding and de-boarding processes (internal or client facing)
  • Build and improve a JML process for the authorisation/de-authorisation to technology and data of new or leaving analysts


Technical knowledge / competencies

  • Solid experience in Information Security
  • Solid experience in incident management, threat management and threat response
  • Solid experience in preparation of security reports, dashboards and documentation
  • Solid experience in process development (SOP) and technical writing for security
  • Solid experience and knowledge of Windows, Linux, and Mac OS X
  • Good experience of applications, databases, middleware to address security threats against the same
  • Good experience or interest in Cyber threat hunting
  • Good experience in SIEM (QRadar-QRoC, Azure Sentinel), EDR and SOAR technologies
  • Good experience in security technologies: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM)
  • Good experience in threat landscape, security threats and attack countermeasures
  • Some experience in security standards, including CREST, NIST, ISO27001, ASD, PCI DSS
  • Some experience or interest in scripting languages and programming, preferably Python
  • Some experience or interest in cyber threat intelligence
  • Some experience or interest in software vulnerabilities & exploitation
  • Some experience or interest in analysing large amounts of data and performing pattern analysis
  • Some experience or interest in APT/crime-ware ecosystems
  • Some experience or interest in packet capture (PCAP) analysis using tools such as Wireshark
  • Some experience or interest in root cause analysis and escalation procedures
  • Some experience or interest in security vulnerabilities, Google hacking, and threat intelligence
  • Some experience or interest in conducting in-depth forensic analysis and investigation


Behavioral competencies

  • Team leader, Team player and a self-starter
  • Adopting and accepting the organisation’s professional standards
  • Structured thinking
  • Individual thinking within the current role
  • Grit mindset
  • Collaboration – willingness and ability to collaborate with other team members
  • Action oriented – production of desired outcomes within the required timeframes
  • Work pro-actively – both independently and with peers
  • Assertive and confident
  • Ability to avoid conflict, or bridge and handle conflict effectively
  • Ability to plan and organize work tasks
  • Strong sense of accountability and responsibility
  • High attention to detail with a passion for accuracy and quality technical documentation