SOC Manager

SOC Manager

Whitehall Resources are looking for a SOC Manager. This role is hybrid working with 2-3 days per week onsite in Warwickshire, and the remainder remote working, for an initial 6-month contract.

*Inside IR35*

Job Description:

• Establish goals and priorities by working closely with your team to identify the most critical focus areas. These include:
  • Improving incident response times
  • Reducing false positives and other extraneous alerts
  • Enhancing threat detection capabilities
• Oversee your staff's activities and ensure they focus on the right priorities
• Oversee SOC activities by reviewing your team's performance metrics, incident reports and other key indicators
• Lead incident response efforts when a security incident occurs, the SOC team has to respond as quickly as possible
• Lead these efforts by establishing clear incident response procedures and protocols and conveying them to the team
• Analyse incident reports to understand your organization's security posture by reviewing incident reports, SOC managers identify patterns and trends that may indicate weaknesses or vulnerabilities in their security defences
• Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients or regulatory bodies.
• Be responsible for conducting information security investigations as a result of security incidents. These are previously identified by the Level 2 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone) End to end security incident management. You will play a key role in providing the highest level of technical expertise and handling the most complex security incidents.
• Report to the Customer about security operations. This means that you must keep the CISO and Head of security operations informed about everything that's happening in the operations centre. You can do this by preparing clear and concise reports that highlight key findings, and recommendations about the operations. Your reports will help the customer make informed decisions about security investments and strategies that align with the company's goals.

Your responsibilities:

• Manage service and process improvements of SOC, auditing SOC incidents, identifying new use cases and automations
• POC for SOC engineering team, threat intelligence analyst and Threat exposure management
• Act as a point of escalation for Level-2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques
• Act as the lead coordinator to individual information security incidents
• Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Centre.
• Document incidents from initial detection through final resolution
• Ensure threat management, threat modelling, identify threat vectors and develop use cases for security monitoring
• Create reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
• Act as focal point for any investigations involving security; to prepare reports and note follow up action
• Participate in the role of Incident Manager during any incidents and emergencies
• Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date
• Coordinate with IT teams on escalations, tracking, performance issues, and outages

Essential skills and experience:

• Strong knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) and SOC advancements such as EDR and SOAR
• Good knowledge of SIEM technologies, like Google Chronicle, Splunk ES or QRadar
• In-depth familiarity with security policies based on industry standards and best practices
• Experienced within the information security field, with emphasis on security operations, incident management, intrusion analysis, security device installations, configuration, and troubleshooting (e. g., Firewall, IDS, etc.)
• Experience in Log source integration and in Developing new correlation rules & Parser writing
• Experienced in SOC automation development, cloud operations (e. g. AWS), Designing, building security operations centers and Regulatory Compliance
• Ability to lead and communicate efficiently within a team environment along with Incident management process development and/or incident management experience
• Solid understanding of information technology and information security required
• Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences (including executives)
• Ability to work well under pressure with differing levels of Management

Desirable skills and experience:

• Experience of Agile ways of working.

All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.

Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.