- Provide thought leadership and management of 24/7 SOC activities and support Major Incident Response activities
- Direct, inform and prioritise the squad backlog by understanding the drivers behind the work, and ensure that prioritisation translates into a clear sense of purpose for the squad and an understanding of the value being delivered.
- Play a significant role in long-term SOC strategy and planning, including initiatives and roadmaps geared towards uplift and operational excellence
- Drive the implementation of automation within the SOC and maintain metrics that track productivity, supportability and operational readiness, while also participating in project planning activities such as the delivery of new solutions or the implementation of new tooling
- Support deep-dive sessions on security incidents of interest that impact business-critical processes and assets, and identify the actions and remediation recommendations to be implemented, which may include refining security event monitoring use cases or strengthening security baseline designs.
- Develop SOC processes and review their application to ensure SOC policies and procedures are operating effectively.
- Lead the day-to-day functions of the SOC squad, including the detection and analysis of, and response to, security incidents, and oversee the handling of active threats to reduce their potential impact
- Provide leadership in incident handling and coordination across multiple squads and resolver groups
- Develop and continually uplift the SOC methodologies, standards, tools and approaches.
- Collaborate with cross-functional squads to deliver work that supports the SOC strategy and roadmap
- Contribute to the reduction of cyber compromise risk by delivering against risk treatments and value-stream solutions
- Provide oversight of the use and implementation of SOC tooling and support the delivery of new tooling or solutions to the SOC
QUALIFICATIONS & REQUIREMENTS:
- Bachelor's degree in Information Technology or a related field, or equivalent experience in Information Security
- Experience leading a technical team in an operational environment (24/7 SOC experience considered a plus)
- Demonstrated knowledge and proven experience with security platforms for analysis of incidents and events (SIEM, SOAR, EDR, etc.)
- Broad cybersecurity knowledge, including familiarity with current threat trends, adversary tactics, techniques and procedures (TTPs) and APT groups
- Solid working knowledge and understanding of multiple operating systems and their command-line tooling, network security, endpoint security and security principles such as defence in depth
- Proven problem-solving skills, including the ability to interpret data, define actions and implement solutions
- Strong cross-functional collaborator with outstanding communication skills
- Exceptional interpersonal skills, including the ability to inspire, mentor, coach and develop others through influential leadership
- Proven experience managing a backlog of work; strategic and able to plan activities ahead, while prioritising the most relevant pieces of work
- Critical thinker, natural leader and deal shaper from a technology perspective, with experience leading and mentoring diverse cross-cultural teams within complex environments
Work Schedule: Regular shift (8am – 5pm)
Work Setup: Work-from-home