SOC Manager

• Provides supervision and oversight for the Security Operations Center Team
• Assumes full responsibility and accountability for ensuring that all SOC customers receive world-class service from all Security Analysts assigned to the Security Operations Center team
• Provides oversight, guidance, mentorship, and management of all Security Analysts assigned to the Security Operations Center
• Leads post-incident review meetings to capture lessons learned following the resolution of critical events 
• Ensures key Security Operations actions incorporate relevant customer impact considerations by engaging key stakeholders and communicating relevant facts and known/suspected implications of technical decisions
• Validates that Security Operations activities adequately address customer requirements for all MSS services
• Implements the Security Operations training plan as directed by the Co-Head(s) of Global SOC Operations and develops the training plan for Security Operations Center staff
• Supervise operations in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions.
• Supervises complex event investigation and incident declaration
• Ensure events are properly identified, analyzed, and escalated to incidents.
• Hunt for suspicious activity based on anomalous activity and indicators of compromise from various intelligence feeds and toolsets.
• Participate in the response, investigation, and resolution of security incidents.
• Create knowledge base articles for handling medium and high severity incidents.
• Assist in the advancement of security policies, procedures, and automation.
• Provide incident investigation, handling, and response to include incident documentation.
• Develop incident response reporting and policy updates as needed.
• Serve as the technical escalation point and mentor for lower-level analysts
• Regularly communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual
• Maintain a strong awareness of the current threat landscape.

• Excellent teamwork skills
• Knowledge of and experience with intrusion detection/prevention systems and SIEM software
• Advanced knowledge and understanding of network protocols and devices.
• Advanced experience with Mac OS, Windows, and Unix systems.
• Ability to analyze event logs and recognize signs of cyber intrusions/attacks
• Ability to handle high pressure situations in a productive and professional manner.
• Ability to work directly with customers to understand requirements for and feedback on security services
• Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
• Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
• Able and willing to work in a 24/7/365 environment, including nights and weekends
• Ability to provide create signatures for security tools
• Familiarity with tools such as Wireshark, TCP Dump, Security Onion, and Splunk
• Strong knowledge of the following:
  • SIEM
  • Packet Analysis
  • SSL Decryption
  • Malware Detection
  • HIDS/NIDS
  • Network Monitoring Tools
  • Case Management System
  • Knowledge Base
  • Web Security Gateway
  • Email Security
  • Data Loss Prevention
  • Anti-Virus
  • Network Access Control
  • Encryption
  • Vulnerability Identification

• Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, penetration testing, or related areas
• 8+ years of hands-on SOC/TOC/NOC experience
• GCIA and/or GCIH required. GCFA, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred
• Familiarity with tools such as IDA Pro, PEiD, PEview, Procmon, Snort, Bro, Kali Linux, Metasploit, NMAP, and Nessus
• Familiarity with GPO, Landesk, or other IT Infrastructure tools
• Understanding and/or experience with one or more of the following programming languages: .NET, PHP, Perl, Python, Java, Ruby, C, C++

• Minimum bachelor’s degree in Information Security, Computer Science, or another IT-related field. Exceptional candidates with proven experience in security/network operations will also be considered

BlueVoyant Candidate Privacy Notice

To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice