Security Operations Centre Lead

CyberClan

Canada

Remote

CAD 80,000 - 120,000

Full time

30+ days ago

Job summary

An established industry player is seeking a proactive IT Security Manager to lead their security team. This role involves overseeing security operations, managing SOC analysts, and developing strategic security policies. You'll play a vital role in safeguarding assets and information while fostering a culture of security awareness. Join a dynamic organization where your expertise in risk assessment and incident response will contribute to a secure environment. If you're passionate about cybersecurity and ready to make an impact, this opportunity is perfect for you.

Qualifications

  • Strong background in security management and incident response is crucial.
  • Experience with SOC tooling and threat analysis is essential.

Responsibilities

  • Oversee security operations and manage SOC analysts effectively.
  • Develop and implement security policies and incident response strategies.

Skills

Analytical Skills
Security Management
Incident Response
Risk Assessment
Collaboration Tools
Networking Knowledge
Problem-Solving Skills
Customer Interaction
Leadership Skills
Adaptability

Education

GCSE Level or Equivalent
Cyber Security Qualification (CISSP, CCSP, Security+, AWS Security, GIAC)

Tools

SIEM Tools (e.g., Splunk)
Cloud Technologies (AWS, Google Cloud, Azure)
Endpoint Protection Applications
Network Firewalls
IDS/IPS Systems

Job description

CyberClan is a dynamic and rapidly growing organization committed to ensuring the security and integrity of our operations. We are seeking an experienced and proactive IT Security Manager to lead our security team and safeguard our assets, employees, and information.

Position Overview:

As the Security Operations Lead, you will be responsible for overseeing and managing all aspects of our security operations. This role requires a strategic thinker with a strong background in security management, risk assessment, and incident response. You will play a crucial role in developing and implementing security policies, procedures, and protocols to ensure the safety and security of our personnel, facilities, and information.

Principal Duties and Responsibilities:

  • Ensure clear strategies are in place for embedding operational security controls, aligned to relevant security policies and technical standards.
  • Manage a region of SOC analysts to deliver a 24x7x365 Security Operations Centre.
  • Develop and improve processes to strengthen the current Security Operations.
  • Ensure daily tasking, quality assessment, training, and development are maintained for the entire SOC region.
  • Lead staff to proactively identify, prevent, and respond to security incidents.
  • Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.
  • Produce and disseminate SOC management information, including preparation of reporting material for Senior Management review.
  • Provide clear, concise reporting on key KPIs to customers and internal teams.
  • Manage third parties to ensure they deliver effective SOC services.
  • Contribute to the design and development of defence and response strategies, the knowledge base, and playbooks.
  • Support the design, build, management, and maintenance of security monitoring systems and infrastructure such as SIEM, IDS/IPS, and cloud-based security platforms.
  • Create and maintain compliance reports, support the audit process, measure SOC performance metrics, and report on security operations to the Head of Security Operations and the Director of GRC.
  • Support effective monitoring of SIEM alerts to minimize downtime and restore services.
  • Responsible for managing and configuring security monitoring tools.
  • Drive a learning and knowledge-sharing security culture.
  • Support the SOC team in researching global security events, issues, and trends to produce security advisories for customers based on the findings.

Qualifications:

  • Educated to GCSE level or equivalent.
  • Cyber Security Qualification (CISSP, CCSP, Security+, AWS Security, GIAC certifications are an asset).
  • Networking experience, including IP addressing (VLAN, NAT, DNS, ACL).
  • Linux, Sysmon, and FOSS.
  • ITIL Foundation.

Skills, Knowledge and Experience:

  • Knowledge and experience of SOC tooling to identify threats.
  • Experience of collaboration tools.
  • Keen analytical mind and approach.
  • Proactively shares own expertise with others.
  • Knowledge and experience of IT systems, networking, and the security threat landscape, including:
      • Network fundamentals, for example the OSI stack, TCP/IP, DNS, HTTPS, firewall logs, packet capture and analysis.
      • Cloud technologies (AWS, Google Cloud, Azure).
      • Endpoint protection applications (Antivirus, Web Filtering, ATP, Encryption).
      • IDS/IPS systems.
      • SIEM tools (such as Splunk).
      • SOAR is an added advantage.
  • Knowledge of malware capabilities, attack vectors, and impact.
  • Knowledge of the MITRE ATT&CK framework to understand threat actors and how to mitigate them.
  • Knowledge and experience in threat analysis.
  • Training or educating network users about security protocols.
  • Administration of network firewalls.
  • Troubleshooting and problem-solving skills.
  • Identification of security areas that can be improved, and the implementation of solutions to those areas.
  • Dependability and flexibility, being on-call or available outside of regular work hours.
  • Security Information and Event Management (SIEM).
  • TCP/IP, computer networking, routing, and switching.
  • C, C++, C#, Java or PHP programming languages.
  • IDS/IPS, penetration, and vulnerability testing.
  • Firewall and intrusion detection/prevention protocols.
  • Windows, UNIX, and Linux operating systems.
  • Network protocols and packet analysis tools.
  • Anti-virus and anti-malware.
  • Various certifications including Security+, CEH, GIAC, CASP, CISSP.
  • Confident with customer interactions, including face-to-face, WebEx, and internal conversations.
  • Excellent interpersonal skills sufficient to develop professional relationships and rapport amongst key stakeholders.
  • Strong team player.
  • Genuine enthusiasm and drive to work within cyber security.
  • Good written skills to write explanations of systems, regulations, and procedures.
  • Ability to identify and suggest continual improvement.
  • Good analytical and problem-solving skills.
  • Ability to adapt to organisational change.
  • Proven ability to manage a varied workload.
  • Ability to work unsupervised and under pressure.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • A self-starter with the ability to lead and drive change through an organisation.
  • CEH, CISSP, PMP, GCIH, GSCE, or related certifications.
  • Excellent communication and leadership skills.
  • Ability to handle high-pressure situations.
  • Analytical and problem-solving skills.

Location: Remote

% of Travel Required: 0-10%

Physical Requirements: Prolonged periods of sitting at a desk and working on a computer.

CyberClan is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

Seniority level
  • Mid-Senior level
Employment type
  • Full-time
Job function
  • Management
  • Industries: Computer and Network Security and Information Services