Experience: 10-12 years
- Lead the design, documentation and implementation of SOC processes and procedures for the Security Operations Center (including but not limited to use cases, indicators of compromise, kill chains, run books, operational procedures etc.)
- Work with Lead Architects to agree, document and implement security event notification and remediation processes and procedures
- Design, document and implement security incident management processes and procedures within the SOC team and wider stakeholder groups
- Develop and implement SLAs and OLAs for the SOC team and managed security service providers (internal and external)
- Liaise with Managed Security Service Providers (internal and external) to gain agreement on and sign-off of the SLAs and OLAs
- Lead the parallel configuration of the SIEM and other security infrastructure to ensure that the use cases, processes and procedures are appropriately supported and automated by the relevant solutions and able to provide the SOC analysts with requisite data.
- Previous experience in architecting, designing and implementing a complete MSSP infrastructure
- Help the organization understand customer requirements and propose solutions for them.
- Mentor and guide fellow security analysts.
- Ability to handle escalations & high pressure environments.
- Working knowledge of open source security tools such as Snort, nmap, OpenVAS, Nagios, Wireshark, Nessus, nfdump, ntop.
- Working knowledge of various security methodologies and processes.
- Experience configuring and implementing security solutions (firewalls, IDS, OSSIM / LM / SIEM etc.)
- Knowledge of TCP/IP protocols and analysis
- Excellent customer interface skills
- Strong oral and written communication skills, including explaining complex procedures
- Ability to communicate in a professional, friendly and effective manner
- Knowledge of common Internet protocols and applications.
- Programming / shell scripting experience highly desirable (PERL, Java, shell scripts, etc.)
- Extensive troubleshooting skills covering appliance installation, deployment and usage in a complex network environment
- Previous customer-facing role (sales engineering, customer service, support, etc.)
- Strong collaborator, solutions-oriented and team-focused
- High-energy person with an extremely positive attitude.
- Significant experience with MSSP infrastructure design, configuration and use
- Significant security device management experience (including, firewalls, IDS, internet filters, vulnerability scanners etc.)
- Familiarity with Cisco ASA, Cisco IPS, VM, Tenable SC, Nessus, Websense and Snort is a plus.
Relevant Professional Qualifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Global Information Assurance Certification (GIAC) credentials, e.g. Certified Incident Handler (GCIH), Certified Intrusion Analyst (GCIA), Certified Enterprise Defender (GCED)