Associate Manager - Security Operations Center

Associate Manager-SOC

• Responsible for handling day-to day operations to monitor, identity, triage and investigate security events from various Endpoint (EDR), Network and Cloud security tools and detect anomalies, and report remediation actions. 

• Responsible for detecting and responding to security incidents, coordinating cross-functional teams to mitigate and eradicate threats. 

• Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership. 

• Work with key stakeholders to implement remediation plans in response to incidents. 

• Author Standard Operating Procedures (SOPs) and training documentation when needed. 

• Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty. 

• Responsible for working in a 24/7 environment including night shifts and the shifts are decided based on the business requirement. 

• Conduct malware analysis, host and network, forensics, log analysis, and triage in support of incident response. 

• Security Utilize state of the art technologies such as host forensics tools (FTK/Encase), Endpoint Detection & Response tools, log analysis (Sentinel) and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data. 

• Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response. 

• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes. 
  
  

Educational qualifications: 

• Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent). 

• Advanced certification desirable GCIH, GCIA, GCFE, GREM, GCFA, GSEC 

 

Experience: 

• Minimum 4-8 years in an Incident Responder/Handler role  

• Strong experience in SIEM (Security Incident and Event Monitoring) processes and Products (e.g., ArcSight, Microsoft Sentinel etc.)  

• Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier 2.  The ability to take lead on incident research when appropriate and be able to mentor junior analysts. 

• Advanced knowledge of TCP/IP protocols 

• Knowledge of Windows, Linux operating systems 

• Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or Sentinel experience 

• Knowledge on threat hunting 

• Deep packet and log analysis 

• Some Forensic and Malware Analysis 

• Cyber Threat and Intelligence gathering and analysis. 

• Bachelor’s degree or equivalent experience 

Experience Level

Mid Level