What are the responsibilities and job description for the Security Operations Center Manager position at MindPoint Group, A Tyto Athene Company?
Department: Security Operation Center (SOC)
Location: Columbia, SC
MindPoint Group is seeking a Security Operations Center (SOC) Manager to join our growing team.
Location: This role is onsite in Columbia, SC or Washington, DC; travel up to one week per quarter
Responsibilities
- Oversee the SOC and coordinate all activities for event and incident analysis, cyberthreat intelligence collection, and threat hunt
- Develop training plans for SOC engineer and analysts; mentor and grow SOC personnel
- Drive continual process and procedure improvement by developing workflows and integration points across all SOC teams
- Supervise the development of detection use cases based on available log sources; identify missing log sources and advocate for their inclusion
- Serve as technical expert and liaison to law enforcement personnel and explain incident details as needed
- Coordinate with intelligence analysts to correlate threat assessment data
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
- Plan and recommend security modifications or adjustments based on exercise results or system environment
- Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity, weaknesses exploited, exploitation methods, and effects on systems and information
- Determine tactics, techniques, and procedures (TTPs) for intrusion sets; construct signatures that can be implemented on cyber defense network tools in response to new or observed threats
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts; ensure timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
- Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause an ongoing and immediate impact on the environment; coordinate after-action reviews including lessons learned
- Notify stakeholders of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan; provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities
- Analyze and report on network defense and security posture trends
- Work with stakeholders to resolve computer security incidents and vulnerability patching compliance
- Provide advice and input for disaster recovery, contingency, and continuity of operations plans
- Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings)
- Coordinate with third-party vendors and partners to ensure effective operational delivery of services and technologies
- Support cyberthreat intelligence reporting by monitoring open source intelligence to maintain the currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise
- Bachelor's degree (or an additional 4 years of related experience)
- Active advanced cybersecurity certification is required (e.g., CISSP)
- Minimum five (5) years of advanced SOC experience including
- Advanced knowledge and experience providing technical leadership to an incident response team (i.e., in an "incident commander" role)
- Hands-on experience performing intrusion detection and large-scale incident response
- Experience maintaining and tuning IDS and IPS hardware and software
- Deep technical understanding of current and emerging cyber technologies
- Deep technical understanding of the full cyber threat/attack lifecycle, including attack vectors, methods, and TTPs
- Deep understanding and experience with intelligence-driven defense
- Mature understanding of industry SOC standards and best practices (e.g., OMB, NIST, US-CERT)
- Strong leadership, written and verbal communication, and analytical and problem-solving skills are required
- Ability to provide steady leadership in a high-pressure environment with changing priorities