Role and responsibilities
WatchGuard’s MDR Service protects the IT infrastructures across WatchGuard’s global client base. At the heart of this service is MDR Service’s SOC, responsible for the detection and immediate response of any threats WatchGuard’s MDR Service customers face.
The SOC Manager for WatchGuard’s MDR Service is responsible for the readiness of SOC operations to stay ahead of the constantly evolving threat landscape. The SOC Manager drives the processes and integration of tools that enable the SOC to scale to its expanding global coverage. As a key innovator within the MDR Service team, the SOC Manager will offer strategic insight on emerging SOC tools, processes, and automation.
Responsibilities
- Oversee daily operations of the SOC team.
- Ensure the readiness of the MDR SOC to meet any threats, current or emerging, in the threat landscape.
- Propose and champion SOC-driven initiatives to improve upon WatchGuard’s MDR Service.
- Identify and manage security threats, attack vectors and data source integration, as well as the creation and monitoring of use cases.
- Ensure the integrity of customer data sources and their integration with SOC tools.
- Define processes and procedures to achieve operational objectives and ensure compliance.
- Lead security incident response processes, as well as possible forensic analysis.
- Design and inform senior management on key performance indicators of SOC operations.
- Ensure the SOC always meets or exceeds the service level agreements for MDR Service customers.
- Manage the MDR SOC’s relationship and integration with all teams supporting the MDR Service
- Continuously improve MDR SOC process to ensure customer satisfaction.
- Promote and assist in orchestration and automation of the MDR SOC’s capabilities and integration with MDR Service customers.
- Define and promote professional development within the SOC team.
- Supervise, provide, and propose training for SOC team members.
- Ensure business continuity.
Requirements
- Demonstrable experience in SOC management.
- Experience working with Security, Orchestration, Automation, and Response (SOAR) platforms
- In-depth knowledge and experience of managed detection and response involving cloud services and cloud computing, in particular Microsoft 365.
- Knowledge of the latest security threats and the tactics, techniques, and procedures used by threat actors.
- Experience with the deployment and management of orchestration and automation solutions.
- Demonstrable experience with IBM QRadar SIEM is a plus.
- Knowledge of incident response, forensics, malware analysis and related tools.
- Professional proficiency of English (C1).
Relevant Certifications
- ISC2 Certified Information Systems Security Professional (CISSP)
- ISC2 Certified Cloud Security Professional (CCSP)
- CompTIA Advanced Security Practitioner (CASP)
- ISACA Certified Information Security Manage (CISM)
- GIAC Security Leadership (GSLC)
- GIAC Certified Incident Handler (GCIH)
•
Last updated on Sep 10, 2024