Job role: MDR (SOC ) & Operations lead
US - Pleasanton, California (preferred); but the role can be remote
Hands-on experience: Splunk, SIEM, SOAR, EDR tools | Work hours: 9am to 5pm PST
MDR (SOC ) & Operations lead
Guiding and motivating MDR (SOC) offshore team to maintain a strong and effective security posture.
Coordinating and leading incident response efforts to swiftly address and contain security incidents.
Managing and optimizing Splunk tools and technologies within the SOC for efficient threat detection and response.
Providing training and mentorship to SOC analysts to enhance their skills and capabilities.
Identifying areas for improvement in processes, technologies, and strategies to enhance the overall effectiveness of the SOC.
Reporting: Generating and presenting regular reports on security incidents, trends, and the overall security status to leadership.
Emergency Response: Being on call for incident escalations and emergency response, ensuring a rapid and effective reaction to critical security events.
Threat Hunting: Proactively search for signs of malicious activity or indicators of compromise (IOCs) across the customer's endpoint assets. Use techniques such as data analytics, anomaly detection, and behavioral analysis to identify threats that evaded initial detection.
Conduct in-depth investigations of compromised endpoints to determine the root cause of an incident, gather evidence, and understand the extent of the compromise. Map observed adversary behavior to the MITRE ATT&CK framework.
Develop and implement strategies to contain and isolate advanced malware or sophisticated threats discovered within the customer's systems. This may involve creating custom detection rules, leveraging sandboxing or virtualization technologies, and utilizing threat intelligence feeds to enhance containment capabilities.
Security Analytics and Visualization: Leverage Splunk's advanced reporting and analytics capabilities to gain insights into security events, trends, and patterns. Use visualization techniques to identify relationships between events and potential threat campaigns, aiding proactive threat detection and response.
Leverage threat feeds, reputation services, and threat intelligence platforms to enrich alerts and improve the accuracy of threat detection.
Incident Response and Remediation: Develop and follow incident response playbooks aligned with Splunk SIEM capabilities. Coordinate with customer internal teams to effectively respond to security incidents, contain threats, and remediate affected systems.
Security Configuration Management: Continuously review and optimize the configuration of the Splunk environment to align with industry best practices and the customer's security requirements. Ensure log monitoring is configured and actively maintained.
Threat Simulation and Red Teaming Support: Coordinate with customer red teams to support controlled simulations of real-world attack scenarios that test the effectiveness of detection and response.
Automation and Orchestration: Leverage Splunk automation and orchestration (SOAR) to streamline and accelerate security operations. Develop scripts or workflows to automate repetitive tasks, such as triaging alerts, gathering additional context, and initiating containment actions.
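As an added illustration of the alert-enrichment and triage-automation duties listed above (this is example code written for this page, not code from the posting or from Apton), the block below shows the kind of logic a SOAR playbook step might run: it pulls IOCs out of alert fields, skips internal RFC 1918 addresses so they are never sent to an external reputation service, looks the remaining indicators up against a threat feed, and turns the result into a priority score and a recommended action. The feed contents, the sample alerts, the severity weights, and the isolate/escalate thresholds are all constructed for illustration and are not real intelligence or customer data.

```python
"""Alert enrichment and triage helper (constructed example, not the posting's or Apton's code).

Assumptions (all hypothetical): alerts arrive as flat dicts such as a Splunk notable
event exported to JSON; THREAT_FEED stands in for a reputation service or TIP lookup.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed threat-intel "feed": indicator -> (reputation score 0-100, source tag).
# 198.51.100.0/24 is RFC 5737 documentation space, used here so nothing real is named.
# The MD5 is the harmless EICAR test file, a standard placeholder for "known bad".
THREAT_FEED = {
    "198.51.100.23": (95, "c2-tracker"),
    "evil-updates.example": (80, "phishing-list"),
    "44d88612fea8a8f36de82e1278abb02f": (100, "malware-hash"),
}

# Internal ranges that must never be looked up against an external feed.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "md5": re.compile(r"\b[0-9a-fA-F]{32}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}

SEVERITY_BASE = {"low": 10, "medium": 30, "high": 50, "critical": 70}


@dataclass
class TriageResult:
    alert_id: str
    score: int
    matched: list = field(default_factory=list)   # (kind, indicator, feed source)
    action: str = "monitor"


def extract_iocs(text):
    """Return de-duplicated (kind, value) pairs found in free text, in order seen."""
    seen, found = set(), []
    for kind, pattern in IOC_PATTERNS.items():
        for value in pattern.findall(text):
            if (kind, value) not in seen:
                seen.add((kind, value))
                found.append((kind, value))
    return found


def is_internal_ip(value):
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def triage(alert, feed=THREAT_FEED):
    """Enrich one alert against the feed and decide monitor / escalate / isolate_host."""
    base = SEVERITY_BASE.get(str(alert.get("severity", "low")).lower(), 10)
    # Search every field, not just the message: hashes and IPs often sit in their own keys.
    text = " ".join(str(v) for v in alert.values())
    result = TriageResult(alert_id=alert["alert_id"], score=base)
    best_reputation = 0
    for kind, value in extract_iocs(text):
        if kind == "ipv4" and is_internal_ip(value):
            continue                      # internal address: no external lookup
        hit = feed.get(value)
        if hit:
            reputation, source = hit
            result.matched.append((kind, value, source))
            best_reputation = max(best_reputation, reputation)
    result.score = min(100, base + best_reputation)
    if result.score >= 95:
        result.action = "isolate_host"    # confirmed-bad indicator: containment step
    elif result.score >= 50:
        result.action = "escalate"        # needs an analyst, not automatic containment
    return result


def triage_all(alerts, feed=THREAT_FEED):
    """Triage a batch and return it highest-priority first for the analyst queue."""
    return sorted((triage(a, feed) for a in alerts), key=lambda r: r.score, reverse=True)


# Constructed sample alerts (not real events).
SAMPLE_ALERTS = [
    {"alert_id": "N-1001", "severity": "medium", "host": "ws-042", "src_ip": "10.0.4.17",
     "dest_ip": "198.51.100.23", "file_md5": "44d88612fea8a8f36de82e1278abb02f",
     "message": "Outbound connection to 198.51.100.23:443 after new binary dropped"},
    {"alert_id": "N-1002", "severity": "high", "host": "dc-01",
     "message": "Multiple failed logons from 10.0.4.17 to 192.168.1.5"},
    {"alert_id": "N-1003", "severity": "low", "host": "ws-019",
     "message": "User clicked link to http://evil-updates.example/login"},
    {"alert_id": "N-1004", "severity": "low", "host": "ws-077",
     "message": "Scheduled task created by host ws-077.intranet.corp.example"},
]

if __name__ == "__main__":
    for r in triage_all(SAMPLE_ALERTS):
        print(r.alert_id, r.score, r.action, r.matched)
```

The two design points worth carrying into a real playbook are the internal-address filter (leaking RFC 1918 addresses or hostnames to a third-party reputation API is a common enrichment mistake) and the split between "escalate" and "isolate_host": only a high-confidence feed hit should be allowed to trigger an automatic containment action, everything else goes to an analyst.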
Full Time
Business Services
$125k-151k (estimate)
06/27/2024
08/26/2024
aptonbio.com
PLEASANTON, CA
<25
2012
Private
WINDSOR OWENS
<$5M
Business Services
Apton is a California-based biotech firm that manufactures and supplies single-molecule detection, DNA sequencing optic imaging and related products for clinical applications.