As a Fusion SOC Shift Lead you will support the Security Operations Center (SOC) as a lead, performing threat actor-based investigations, recommending detection methodologies, and providing expert support to incident response and monitoring functions.
- Act as the main interface point between Service Delivery Managers and SOC service teams
- Act as the escalation point and/or subject-matter expert (SME) for all advanced security incidents escalated by L1 analysts
- Responsible for all SOC shift activities
- Perform review and final sign-off of all runbooks and playbooks
- Assign and prioritize tasks/tickets to the SOC shift team
- Manage ticket queues, including escalation of outstanding tickets, tickets requiring updates, and open tickets where necessary
- Provide guidance on processes and procedures specific to the client's monitoring environment
- Responsible for meeting Service Level Agreement (SLA) requirements
- Ensure quality standards are met by auditing tickets and by reviewing and completing shift turnover logs
- Responsible for leading SOC shift handover calls
- Provide continuous improvement and on the job training (OJT) for SOC analysts
- Manage PTO requests and other schedule issues that impact SOC operations
- Coordinate with Cyber Security Engineers to resolve Security Information and Event Management (SIEM) health issues
- Coordinate with Service Delivery Managers (SDMs) to enforce specific client requests and provide monitoring updates
- Coordinate with the SDM to process and complete non-JIRA incidents
- Monitor incident tickets and provide feedback/guidance on trends, patterns and anomalies
- Point of escalation for operations/security issues
- Ensure quality of FMS SOC service delivery, including that policies and Service Level Agreements are met
- Assist with analytic investigative support of large-scale and complex security incidents
- Communicate SOC client service delivery issues to SDM and coordinate remediation
- Attend client calls as and when needed to assist SDMs with dissemination of security and event information
- Familiarity with tools such as IDS/IPS, DLP, proxy, WAF, EDR, AV, MVM, sandboxing, firewalls, threat intel, pen testing and APT tooling
- Analysis of network data (e.g., packets, logs) and endpoint data (e.g., logs, malicious artifacts), both structured and unstructured, using a SIEM and various other tools
- Review SOC reports and deliverables
- Manage security event investigations, partnering with other teams as needed
- Actively seek self-improvement through continuous learning and pursue advancement to SOC Manager
Qualifications
Required:
- Bachelor of Science with a concentration in computer science, information systems, information security, math, decision sciences, risk management, engineering (mechanical, electrical, industrial) or other business/technology disciplines, or equivalent work experience
- 2+ years overall working in a SOC, with a minimum of 6 months in an L2 analyst or equivalent capacity, and/or strong security technology operations experience as a Senior Analyst/Shift Lead
- Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst (GCIA), GIAC Continuous Monitoring Certification (GMON), Certified Ethical Hacker (CEH) or equivalent
- Able to work shifts on a rotating basis for 24/7 operational support
- Experience in security technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), anti-virus, sandboxing, network- and host-based firewalls, threat intelligence, penetration testing, etc.
- Knowledge of Advanced Persistent Threat (APT) tactics, techniques and procedures (TTPs)
- Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
- Understanding of common network infrastructure devices such as routers and switches
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
- Basic knowledge in system security architecture and security solutions
Preferred:
- Proven ability to translate complex information sets into specific recommendations that customers can act on to enhance their security posture
- Working knowledge of threat analysis and enterprise-level mitigation strategies
- Working knowledge of how malicious code operates and how technical vulnerabilities are exploited
- Working knowledge of operating systems and networking technologies in general
- Working knowledge of cyber threats, defenses, motivations and techniques
- Excellent interpersonal and organizational skills
- Excellent oral and written communication skills
- Strong analytical and problem-solving skills
- Self-motivated to improve knowledge and skills
- A strong desire to understand the what as well as the why and the how of security incidents