Security Operations Lead (SOC Lead)

Role - SOC and Cyber Defense Consultant

Location - Noida

Work Mode - Work from office

Budget - as per market

Experience - 8-10 years

DUTIES AND RESPONSIBILITIES

1. Lead and manage the Security Operations Center (SOC) team, partnering with our 3rd party SOC Managed Service Provider (one of the Big4), driving accountability, and prioritizing their efforts providing direction, and support to ensure the team's effectiveness and productivity. Serve as the main internal security operations point of contact for HMEL.

2. Partner with our 3rd party SOC Managed Service Provider, driving accountability and prioritizing their efforts.

3. Oversee the day-to-day operations of the SOC team, ensuring effective response to security incidents and alerts.

4. Oversee the management of our Managed Security Operation’s managed SIEM, XDR and NDR solutions, and Threat intel and brand protection platforms ensuring their optimal performance and effectiveness in detecting and responding to security incidents.

5. Lead the management and enhancement of MDR and Managed SIEM services, preferably expertise in Microsoft Sentinel and Trend Micro Vision One.

6. Collaborate with the SOC analysts and engineering team to define and implement SIEM rules, alerts, and correlation logic to improve the accuracy and efficiency of threat detection.

7. Provide guidance and support to the SOC team in the ingestion and analysis of logs from various systems and applications into the SIEM platform ensuring 100% log source integration.

8. Develop and implement SOC strategies, policies, and procedures to enhance the organization's security posture and incident response capabilities.

9. Oversee the monitoring and analysis of security events and incidents, ensuring timely detection, investigation, and response to potential threats or vulnerabilities.

10. Collaborate with cross-functional teams, outside of IT as and when required and also, with 3rd party partners, to ensure alignment and effective communication regarding security incidents and mitigation strategies.

11. Drive the continuous improvement of SOC processes and procedures to enhance efficiency and effectiveness.

12. Taking a proactive role in utilizing Threat Intelligence and Threat Hunting activities, ensuring the SOC is ahead of potential security threats.

13. Establish and maintain relationships with external partners, vendors, and industry peers to stay updated on emerging threats, best practices, and industry trends.

14. Conduct regular assessments and audits of SOC processes, systems, and controls to identify areas for improvement and ensure compliance with regulatory requirements.

15. Develop and deliver comprehensive reports and metrics on SOC performance, including incident trends, response times, and effectiveness and other SOC key performance indicators.

16. Stay abreast of the evolving cybersecurity landscape, emerging threats, and industry standards, providing recommendations for proactive security measures and continuous improvement of the SOC.

17. Take complete ownership of HMEL’s Threat Intelligence platform and conduct external brand monitoring, dark web monitoring, data breaches and other associated attack surfaces identified by the threat intelligence platform. Ensure the gaps are closed in a timely manner and any relevant advisories are communicated to SOC team or other relevant stakeholders proactively.

18. Manage security operations projects, including process improvement and technology investment.

19. Pursue an automation-first approach without compromising the quality and readiness of the SOC.

20. Access all the existing and new initiatives in HMEL for security clearance before implementation in production.

21. Drive the security architecture and implementation of new security technology solutions.

22. Own and drive the cloud security posture management for HMEL cloud platforms, govern and maintain the security posture under an acceptable low risk score.

23. Own and govern the operations of security technology solutions like IAM, PAM, Email security gateway, Firewalls, XDR, Cloud Security, Threat Intel, Zscaler web proxy, micro segmentation, NDR solutions.

24. Define best practices and conduct technical audits/assessments for the above mentioned cyber defense solutions part of continuous improvement and proactive defense to trending threat landscape

25. Conduct weekly security reviews with partners providing managed service. Recommend and drive best practice implementation for these security technologies to improve overall security posture

26. Own, execute and conduct various cyber maturity assessments like SOC CMM and NIST CSF. Plan and drive to reach the target maturity score with new initiatives or gap closures identified during the assessments.

27. Conduct POC for new initiatives, and drive implementation of new cyber solutions with support from implementation partners.

QUALIFICATIONS & EXPERIENCE:

Qualifications:

• The candidate must be a graduate engineer in Engineering, computer science, Information Security, or a related field.
• Relevant information security and governance certifications (e.g., CEH, CISSP, CISM, CCSK, ISO 27001/22301/20000 LA/LI, ITIL etc.) preferred.

Experience

• The candidate should have at least 8-10 years of experience in managing a Cyber Security Operations Center (SOC), with focus on managed security operation, cloud security, infra security and incident response etc.
• In-depth knowledge of security operations, incident response methodologies, and security technologies (SIEM, IDS/IPS, EDR/XDR/NDR, Firewall, Email security gateway, IAM, PAM, CSPM, web proxy tools etc.).
• Good knowledge on various industry leading cyber security frameworks including but not limited to MITRE ATT&CK, MITRE D3FEND, NIST CSF, CIS Controls, ISO/IEC 27001, OWASP etc.
• Strong networking concepts, including an in-depth understanding of TCP/IP protocols, firewall configuration, network segmentation, VPNs, etc.
• Strong understanding of Threat Intelligence, Threat Hunting, Vulnerability Management, and risk assessment frameworks.
• Experience in creating and refining SIEM rules, alerts, and correlation logic.
• Experience working in a fast-paced, dynamic environment, with the ability to prioritize and manage multiple security incidents simultaneously.
• Ability in enhancing SOC processes and implementing best practices in security operations.
• Security assessment and clearances as required for the new and existing applications / programs.
• Experience in deployment of security tools and solutions in a project mode.
• Understanding of operational technology (OT) security principles and best practices.
• Understanding and knowledge of IT Service management processes based on ISO 20000 or ITIL.
• Excellent communication skills, with the ability to collaborate effectively across departments and levels of the organization.

Email - kirti.rustagi@raspl.com