SOC Team Leader

Job Description: 

• Responsible for Building and developing the security operation center, maintain its internal growth to achieve corporate objectives.
• Responsible for creating a positive, creative, and dynamic team culture that directly contributes to positive SOC operations
• Responsible for overseeing the daily operations of the SOC. leads, coaches and develops a team of SOC on different tiers.
• Accountable and responsible for the SOC Activities, Performance & Deliverables.
• Develops and delivers technology and process improvements for the SOC to maintain operational readiness for incident response, and reports to ensure an appropriate level of service
• Understand the implementation of new information security technologies and lead the integration of new tools within operations.
• Management of security monitoring and incident response of cyber security events in the Security Operation Center (SOC).
• Oversight of the SOC team’s response to cyber security tickets and provide analysis and trending of security log data from security devices as well as various security tool portals 
• Oversight of monitoring and analysis of Security Information and Event Management (SIEM) alerts to identify security issues for remediation and investigate events and incidents 
• Drive the implementation of emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. 
• Provide proactive “threat hunting” to detect incidents
• Define protocols and maturing of 'playbooks' for operational response to cyber threats 
• Tune rules and thresholds to improve the fidelity of alerts 
•  Prepare reports of analysis and results to provide briefings to the CISO 
• Provide Incident Response support when analysis confirms an actionable incident 
• Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring. 
• Work collaboratively with other cybersecurity teams and business units 
• Lead SOC analysts during incident response actions, advise and coordinate with leadership during active incidents 
• Identify, evaluate, develop and report SOC-related metrics via the dashboard and/or reports 
• Develop, lead and present relevant Cybersecurity tabletop exercises and incident drills to SOC staff and relevant stakeholder groups for the purposes of identifying process improvement opportunities. 

Technical Skills: 

• Solid Knowledge of TCP/IP protocols 
• Deep Packet and log analysis 
• Knowledge of Windows and Linux operating systems. 
• Knowledge of Network security technologies (Firewalls, IDS/IPS, WAF, Antivirus …etc) 
• Solid knowledge in SIEM technologies (LogRhythm, Qradar, Splunk, Netwitness... etc.) 
• good Knowledge in threat intelligence 
• Experience as a Senior Security Analyst leading a team
• Experience with Security Operations Center, network event analysis, and threat analysis 
• Experience working as an Incident Responder 
• Knowledge of various security methodologies and technical security solutions 
• Experience analyzing data from cybersecurity monitoring tools
• Ability to analyze endpoint, network, and application logs 
• Experience tuning and/or configuring SIEM and vulnerability tools 
• Knowledge of common Internet protocols and applications 
• Scripting experience in Linux or PowerShell preferred