The SOC operations lead oversees the day-to-day operations of a Security Operations Center (SOC). They are responsible for ensuring the smooth running of the SOC and the effectiveness of its incident response activities.
Oversee SOC activities: Monitor team performance metrics such as SLA attainment, incident reports, and other indicators to identify areas for improvement. Establish and track key performance indicators (KPIs) for SOC effectiveness.
Lead incident response: Guide the SOC team through the identification, investigation, and resolution of security incidents. Ensure continuous monitoring and analysis of security events.
Manage SOC tools and resources: Ensure the SOC has the tools and technologies it needs to function effectively. Oversee the deployment, configuration, and management of security tools and technologies.
Develop and implement SOC policies, procedures, and playbooks.
Manage SOC team: Hiring, training, and performance management of security analysts.
Report to Senior Stakeholders: Develop and deliver regular reports on security incidents and SOC activities to senior management.
Collaboration: Work closely with other IT and security teams to ensure comprehensive security coverage.
Compliance: Ensure SOC operations comply with relevant regulations and standards.
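The SLA and KPI tracking mentioned in the responsibilities above is easier to reason about with a concrete calculation. The following is an added example, not part of the original posting: it computes mean time to acknowledge (MTTA), mean time to resolve (MTTR), per-incident SLA breaches, and the true-positive rate from a handful of constructed incident records. The severity targets in SLA_TARGETS and the sample incidents are assumptions made for illustration, not figures from any real SOC.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional

# Hypothetical SLA targets by severity (assumed for illustration): maximum time
# from alert creation to analyst acknowledgement, and to resolution.
SLA_TARGETS = {
    "critical": {"ack": timedelta(minutes=15), "resolve": timedelta(hours=4)},
    "high": {"ack": timedelta(minutes=30), "resolve": timedelta(hours=8)},
    "medium": {"ack": timedelta(hours=2), "resolve": timedelta(hours=24)},
    "low": {"ack": timedelta(hours=8), "resolve": timedelta(hours=72)},
}


@dataclass
class Incident:
    id: str
    severity: str
    created: datetime
    acknowledged: Optional[datetime]  # None if no analyst has picked it up yet
    resolved: Optional[datetime]      # None if still open
    true_positive: bool               # outcome of triage


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample incidents (not real data).
SAMPLE_INCIDENTS = [
    Incident("INC-1", "critical", _t("2024-05-01T09:00"), _t("2024-05-01T09:10"), _t("2024-05-01T12:00"), True),
    Incident("INC-2", "critical", _t("2024-05-01T10:00"), _t("2024-05-01T10:25"), _t("2024-05-01T15:00"), True),
    Incident("INC-3", "high", _t("2024-05-02T08:00"), _t("2024-05-02T08:20"), _t("2024-05-02T14:00"), False),
    Incident("INC-4", "medium", _t("2024-05-02T09:00"), _t("2024-05-02T10:00"), None, True),
    Incident("INC-5", "low", _t("2024-05-03T09:00"), None, None, False),
]

# Reference "now" for the sample run, so open incidents can be measured against the clock.
NOW = _t("2024-05-03T18:00")


def _breached(start: datetime, end: Optional[datetime], target: timedelta, now: datetime) -> bool:
    """True if the interval start->end exceeded target. An unfinished interval
    (end is None) counts as breached once the clock has already passed target,
    so open incidents are not silently excluded from the breach count."""
    elapsed = (end or now) - start
    return elapsed > target


def compute_kpis(incidents, now: datetime) -> dict:
    acked = [i for i in incidents if i.acknowledged]
    resolved = [i for i in incidents if i.resolved]

    mtta_minutes = mean((i.acknowledged - i.created).total_seconds() / 60 for i in acked) if acked else None
    mttr_hours = mean((i.resolved - i.created).total_seconds() / 3600 for i in resolved) if resolved else None

    ack_breaches = [i.id for i in incidents
                    if _breached(i.created, i.acknowledged, SLA_TARGETS[i.severity]["ack"], now)]
    resolve_breaches = [i.id for i in incidents
                        if _breached(i.created, i.resolved, SLA_TARGETS[i.severity]["resolve"], now)]

    return {
        "count": len(incidents),
        "open": len(incidents) - len(resolved),
        "mtta_minutes": mtta_minutes,
        "mttr_hours": mttr_hours,
        "ack_sla_breaches": ack_breaches,
        "resolve_sla_breaches": resolve_breaches,
        # Share of incidents that missed at least one SLA target.
        "sla_breach_rate": len(set(ack_breaches) | set(resolve_breaches)) / len(incidents),
        # Share of incidents that triage confirmed as real (a rough alert-quality signal).
        "true_positive_rate": sum(i.true_positive for i in incidents) / len(incidents),
    }


def demo() -> dict:
    """Run the KPI calculation over the constructed sample set."""
    return compute_kpis(SAMPLE_INCIDENTS, NOW)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points worth noting: open incidents are measured against the current clock so that an unacknowledged alert shows up as an SLA breach immediately rather than only after it is closed, and the breach rate is computed per incident (any missed target) rather than per target, which is the number most senior stakeholders ask for.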
7-10 years of experience with at least one SIEM platform: Microsoft Sentinel, Splunk, QRadar, or LogRhythm.
Solid experience with threat intelligence, threat hunting, EDR, and SOAR automation tools.
Experience in SOC analysis: triage and investigation of alerts, and qualifying alerts into incidents.
Experience in incident response: prioritization, investigation, and analysis of incidents.
Team management.
Stakeholder management.
Security Information and Event Management (SIEM).