SOC Lead (SG)

What you'll do

• Build and lead an effective and intelligence-led Cyber Security Operations function to perform security monitoring, incident response, data loss prevention, vulnerability management, threat intelligence and threat hunting.
• Create, manage, and develop the roadmap and plans for the Cyber Operations to drive continuous improvement in maturity and capability, as well as implementation of new technology enhancements that support the Cyber Operations and define operational and efficacy metrics by which success will be measured.
• Utilize and understand the common data available from security tools, including Log Management, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), firewall, intrusion prevention systems, Anti-Virus, Privileged Access Management and Data Loss Prevention (DLP) systems.
• Collaborates with technical teams to identify, resolve, and mitigate events
• Provides advice and guidance on the response action plans for information risk events and incidents based on incident type and severity
• Assists with containment of threats and remediation of environment during or after an incident
• Build and lead enhancements on incident response life cycle, security tools, SOAR playbook, IR runbooks and security processes for daily security operations. Develop and drive the cyber security awareness training and compliance program to foster a cybersecurity culture.
• Mentor and train Cyber Security Operations team and new hires, manage staffing levels and performance, and create the development plan to improve technical skillset as it matures.
• Lead response and investigation on cyber security incidents and threats.
• Stay abreast of the threat landscape by monitoring and researching on OSINT and related intelligence sources.

What we expect from you

• About 7+ years of experience in Security Incident Response, with experience in security operations, monitoring and conducting incident response activities.
• IR related certifications such as GCIH, GCFA, GCFE, is an advantage, but not a must.
• Hands-on experience and strong technical knowledge on SOC technologies and security controls such as SIEM, EDR, SOAR
• Possess strong technical understanding of cyber kill chain and how software vulnerabilities or misconfigurations can be exploited
• Software development or scripting (e.g. python)
• Hands-on experience in SOC operations, such as security monitoring, incident response and threat hunting/Analysis/Intelligence
• Strong leadership skills
• Self-motivated and strong ability to multi-task
• Strong critical thinking and problem-solving skills and a passion for information s
• Good understanding in microservices architecture, multi-cloud environment and varied operating systems (e.g., Windows, Linux, Mac, etc)
• Able to be on stand-by for on-call when the need arises.
• Strong stakeholder management skills with the ability to rapidly resolve conflicts between teams while ensuring security is not compromised.