SOC Team Lead/Manager

Miejsce pracy: Kraków

Recruitment for

This role is an entry-level leadership position and requires technical expertise and experience in SOC operations. The selected candidate will lead a team of motivated and eager Cybersecurity analysts, who provide enterprise-wide event identification, triage, and remediation. The team will also escalate to other teams, as necessary. This candidate will help develop SOC processes, procedures, and workflows. The candidate for this position should have a clear understanding of SOC operations and is ready to help develop automation, efficiencies and implement best practices based on their knowledge and experience.

Your responsibilities

Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.
Work collaboratively with other cybersecurity teams and business units.
Drive the implementation of emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
Implement standards and procedures to ensure alerts are addressed with relevancy, accuracy and in a timely manner.
Define protocols and maturing of 'playbooks' for operational response to cyber threats.
Operate autonomously to further investigate and escalate in accordance with policies, procedures, and defined processes.
Provide teaching / mentoring to SOC level II and III Analysts.
Lead SOC analysts during incident response actions, advise and coordinate with leadership during active incidents.
Identify, evaluate, develop, and report SOC related metrics via dashboard and/or reports.
Manage shift schedules and lead SOC personnel.
Develop, lead and present relevant Cybersecurity tabletop exercises to SOC staff and relevant stakeholder groups for the purposes of identifying process improvement opportunities.

Employer requirements

ISSP, CASP, CCSP, SSCP, SANS GIAC GMON, GCIH, GCIA, GCFA, GCFE, GREM.
Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large-scale incident response.
Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures (TTPs).
Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
Familiarity with Cloud concepts and experience performing monitoring and responding to threats in Cloud environments.
5+ Experience working within Security Operations Center AND using SIEM technologies Required.
2+ Experience leading and developing others Preferred.
7+ General Cybersecurity field Required
Demonstrated ability to identify automation/orchestration opportunities and developing plan to implement automation Advanced.
Strong leadership, problem solving and critical thinking skills. Ability to prioritize and execute autonomously Advanced.
Ability to communicate effectively with all levels of staff, management, and business units both verbally and in writing Advanced.
Strong understanding of latest security principles and protocols Advanced.
Strong understanding of security operations technologies including SIEM, endpoint tools and network-based logs Advanced.
Knowledge in emerging technologies and tactics used within a SOC, and how they are applied to improve efficiency and effectiveness Advanced.
Understanding of tactics, techniques and procedures associated with cyber threats and the ability to develop relevant alerting, countermeasures, and threat hunting techniques. Advanced.
Scripting ability (Powershell, Python) Intermediate.

Hays Poland sp. z o.o. jest agencją zatrudnienia nr 361.