Security Operations Centre Lead

CyberClan • Kennedy, SK, Canada • 12h ago

Company Overview:

CyberClan is a dynamic and rapidly growing organization committed to ensuring the security and integrity of our operations. We are seeking an experienced and proactive IT Security Manager to lead our security team and safeguard our assets, employees, and information.

Position Overview:

As the Security Operations Lead, you will be responsible for overseeing and managing all aspects of our security operations. This role requires a strategic thinker with a strong background in security management, risk assessment, and incident response. You will play a crucial role in developing and implementing security policies, procedures, and protocols to ensure the safety and security of our personnel, facilities, and information.

Principal Duties and Responsibilities:

Ensuring clear strategies are in place for embedding operational security controls, aligned to relevant security policies and technical standards
Manage a region of SOC analysts to deliver a 24x7x365 Security Operations Centre;
Developing and improving processes to strengthen the current Security Operations;
Ensure daily tasking, quality assessment, training and development is maintained for entire SOC region.
Lead staff to proactively identify, prevent, and respond to security incidents;
Ensuring incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring;
Producing and disseminating SOC management Information, including preparation of reporting material for Senior Management review;
Provide clear, concise reporting around key KPI's to their customers and internal teams.
Manage 3rd Parties to ensure they deliver effective SOC services.
Contribute to the design and development of defence and respond strategies, knowledgebase and playbooks.
Support to design, build, manage and maintain security monitoring systems and infrastructure such as SIEM, IDS/IPS and cloud-based security platforms.
Create and maintain compliance reports, supports the audit process, measures SOC performance metrics, and reports on security operations to Head of Security Operations and Director of GRC.
Support the monitoring SIEM alerts effectively to minimize downtime and restore services.
Responsible for managing and configuring security monitoring tools.
Drive a learning and knowledge sharing security culture;
Support the SOC team research global security events, issues and trends to produce security advisories for customers based on findings.

Generic Duties and Responsibilities:

Ensuring an effective process of continuous improvement is in place
Ensuring compliance with relevant security policies, standards, compliance and regulation
Identifying requirements and driving improvements to SOC related policies and standards
Inspire and motivate a team of SOC Analysts that can add value to our customers and support the internal teams.
Accept, manage and update service requests and incidents to ensure contracted Service Level Agreements are met.
Guiding, coaching and mentoring analysts who are providing the core SOC functions, including but not limited to, alert triage, incident escalation, content creation etc.
Support Tier 2 Analysts
Support sales knowledge base and weekly meetings to ensure up to date knowledge of services is maintained.
Support customers for escalation purposes
To continuously develop both technical and personal skills required within role and assist with development of other staff.
Keep up to date on security developments and news
Conducting cyber threat research and analysis for purposes of improving the strength of network security.
Assist with defining, testing and operating new ways of working with new technology solutions or processes supplied to the SOC team.
Proactively support business KPIs.
Work with the CyberClan global team when responding to security incidents.
Understand and comply with all Information Security policies.
Understand and comply with all company policies.
Follow agreed security best practices and SOC processes
Interact with strategic incident response and threat intelligence vendors.
To undertake other responsibilities, training and tasks as reasonably requested by line management.
Undertake periodic assurance reviews and produce associated reporting as required.
Participate in CyberClan internal security awareness initiatives and other training requests
Other duties as assigned by the SOC Manager.

Qualifications:

Educated to GCSE level or equivalent
Cyber Security Qualification (CISSP, CCSP, Security+, AWS Security, GIAC certifications are an asset)
EDR/XDR (Crowdstrike, SentinelOne, MS Defender, Trend Vison One)
Networking experience, including IP addressing (VLAN, NAT, DNS, ACL)
Linux, Sysmon, and FOSS
ITIL Foundation

Skills, Knowledge and Experience:

Knowledge and experience of SOC tooling to identify threats.
Experience of collaboration tools
Keen analytical mind and approach
Proactively shares own expertise with others
Knowledge and experience of IT systems, networking and security threat landscape including:
Network fundamentals for example OSI stack, TCP/IP, DNS. HTTPS, firewall logs, packet capture and analysis.
Cloud technologies (AWS, Google Cloud, Azure)
Active Directory, Group Policies, PowerShell
Endpoint protection applications (Antivirus, Web Filtering, ATP, Encryption)
IDP/IPS Systems
SIEM tools (such as Splunk)
SOAR is an added advantage
Knowledge of malware capabilities, attack vectors and impact.
Knowledge of the MITRE ATT\&CK framework to understand threat actors and how to mitigate them.
Knowledge and experience in threat analysis.
Training or educating network users about security protocols.
Administration of network firewalls.
Troubleshooting and problem-solving skills.
Identification of security areas that can be improved, and the implementation of solutions to those areas.
Dependability and flexibility, being on-call or available outside of regular work hours.
Security Information and Event Management (SIEM).
TCP/IP, computer networking, routing and switching.
C, C++, C#, Java or PHP programming languages.
IDS/IPS, penetration and vulnerability testing.
Firewall and intrusion detection/prevention protocols.
Windows, UNIX and Linux operating systems.
Network protocols and packet analysis tools.
Anti-virus and anti-malware.
Various certifications including Security+, CEH, GIAC, CASP, CISSP.

Personal qualities:

Confident with customer interactions, including face-to-face, web-ex and internal conversations.
Excellent interpersonal skills sufficient to develop professional relationships and rapport amongst key stakeholders
Strong team player
Genuine enthusiasm and drive to work within cyber security.
Excellent customer service skills
Good written skills to write explanations of systems, regulations and or procedures.
Good verbal communication
Ability to identify and suggest continual improvement
Good analytical and problem-solving skills
Ability to adapt to organisational change
Proven ability to manage varied workload
Ability to work unsupervised and under pressure.
Ability to effectively prioritize and execute tasks in a high-pressure environment
A Self Starter with the ability to lead and drive change through an organisation.
CEH, CISSP, PMP, GCIH, GSCE, or related certifications.
Excellent communication and leadership skills.
Knowledge on vendor management.
Ability to handle high-pressure situations.
Analytical and problem-solving skills.

Location

Remote

% of Travel Required

0-10%

Physical Requirements

Prolonged periods of sitting at a desk and working on a computer.

CyberClan is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.