• SOC Analyst

Industry IT
Location Andhra Pradesh Hyderabad
Experience Range 4 - 9 Years
Qualification (B.Tech)
Not active

Functional IT Software - Application Programming / Maintenance
Job Description
About Us
“Quess IT Staffing is India’s largest IT staffing company with over 20 years of experience in staffing IT professionals in 300+ companies across levels and skillsets. Our 10,000+ associates deployed in 80+ cities and towns are proficient in over 500 technological skills. Our associates help enable cutting edge solutions for some of the biggest names across industries. Quess IT Staffing is a division of Quess Corp Limited, India’s leading business services provider and largest domestic private sector employer. Quess Corp Limited is - ‘A Great Place to Work’ certified – a testament to our excellent culture, people, and processes.”
About Company
https://itstaffing.quesscorp.com/
Roles and Responsibility

·         Act as the main interface point between Service Delivery Managers and SOC service teams

·         Act as escalation point for all advanced security incident escalations from L2 analysts

·         Responsible for all SOC shift activities

·         Perform review and final sign-off of all runbooks and playbooks

·         Assign and prioritize tasks/tickets to the SOC shift team

·         Manage ticket queues including escalation of outstanding tickets, tickets requiring updates, and escalation of open tickets where necessary

·         Provide guidance on process and procedures specific to the client's monitoring environment

·         Responsible for meeting Service Level Agreement (SLA) requirements

·         Ensure quality standards are being met by doing ticket audits and reviewing and completing shift turnover logs

·         Responsible for leading SOC shift handover calls

·         Provide continuous improvement and on the job training (OJT) for SOC analysts

·         Manage PTO requests and other schedule issues that impact SOC operations

·         Coordinate with Cyber Security Engineers to resolve Security information and event management (SIEM) health issues

·         Coordinate with Service Delivery Managers (SDMs) to enforce specific client requests and provide monitoring updates

·         Coordinate with SDM to process and complete non-JIRA incidents

·         Monitor and provide feedback/guidance on incident tickets on trends, patterns and anomalies

·         Point of escalation for operations/security issues

·         Ensure quality of FMS SOC service delivery, including policies and Service Level Agreements are met

·         Assist with analytic investigative support of large-scale and complex security incidents

·         Communicate SOC client service delivery issues to SDM and coordinate remediation

·         Attend client calls as and when needed to assist SDMs with dissemination of security and event information

·         Familiarity with tools such as: IDS/IPS, DLP, Proxy, WAF, EDR, AV, MVM, Sandboxing, FWs, Threat Intel, Pen Testing, APT

·         Analysis of network data (e.g., packets, logs) and endpoint data (e.g., logs, malicious artifacts) in both structured and unstructured methods using SIEM and various tools

·         Review SOC reports and deliverables

·         Manage security event investigations, partnering with other teams as needed

·         Actively seek self-improvement through continuous learning and pursuing advancement to a SOC Manager

·         2+ years working in a SOC and/or strong security technology operations experience

·         Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent

·         Able to work shifts on a rotating basis for 24/7 operational support

·         Experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss

 
