Cybersecurity Operations Center

Roles and Responsibilities:

• Lead and coordinate the response to critical and complex security incidents, guiding SOC L1 and L2 analysts during investigations.
• Conduct advanced incident analysis and provide actionable recommendations for incident containment.
• Proactively hunt for advanced threats, APTs, and sophisticated attack patterns within client networks.
• Perform in-depth cyber threat analysis to understand attack vectors and tactics, techniques, and procedures (TTPs) used by threat actors.
• Conduct advanced digital forensics and memory analysis to identify root causes and perform post-incident investigations.
• Perform detailed malware analysis and reverse engineering to understand malware behavior and capabilities.
• Integrate threat intelligence from various sources into the MSSP’s security operations to improve threat detection and response effectiveness.
• Collaborate with threat intelligence teams to enhance the MSSP’s threat intelligence capabilities.
• Develop and update incident response playbooks and standard operating procedures (SOPs) to address emerging threats.
• Provide cybersecurity consulting and advisory services to clients, offering strategic guidance on security best practices and risk management.
• Act as a primary point of contact for key clients, ensuring effective communication and a clear understanding of their security needs.
• Build strong relationships with clients by understanding their business goals and aligning MSSP services accordingly.
• Establish and track key SOC performance metrics, incident trends, and key performance indicators (KPIs).
• Provide regular reports to MSSP management, clients, and stakeholders.
• Provide strong leadership to SOC L1 and L2 analysts, fostering a collaborative and high-performing team environment.
• Mentor junior analysts, guiding their career development and enhancing their technical skills.
• Collaborate with internal MSSP teams such as threat intelligence, threat hunting, and engineering to enhance overall client security posture.

• In-depth knowledge of networking concepts, TCP/IP, network protocols, security architecture, and modern security technologies.
• Proficiency in using SIEM, IDS/IPS, firewalls, EDR, and other security tools.
• Advanced skills in scripting and programming languages for automation and analysis.
• Strong analytical skills to investigate complex security incidents and devise effective solutions.
• Excellent verbal and written communication skills to document incidents, write reports, and interact with team members, stakeholders, and clients.
• Previous experience in leading and managing a team of cybersecurity professionals.
• Deep understanding of threat intelligence sources, threat actors, and advanced cyber-attack techniques. Proven experience in leading incident response efforts for complex incidents.
• Strong experience in digital forensics, memory analysis, and advanced malware analysis.

Education: Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field is typically required.

Certifications: Hold one or more certifications such as, GCFA, GCIA, GCIH, GREM

Experience: Minimum of 5 years or more of progressive experience in a cybersecurity role, with extensive hands-on experience in a SOC environment.