SOC Manager

4 days ago


Sentul, Malaysia
Robotico Digital Sdn
Full time

Job description

Key Responsibilities:
**SOC Leadership & Operations**:

- Build from scratch, manage, and continuously improve a 24x7 Security Operations Center (SOC) for proactive monitoring, detection, and response to cybersecurity incidents and threats.
- Lead, supervise, and mentor a team of L1 & L2 SOC analysts, providing training and professional development to ensure operational excellence and adherence to best practices in incident handling and response.
- Oversee daily SOC operations, including threat monitoring, incident escalation, and triage, ensuring appropriate procedures are followed in line with internal and regulatory requirements.
- Develop, implement, and continuously improve SOC processes, playbooks, and standard operating procedures (SOPs) to ensure effective and timely incident detection and response.

**Cybersecurity Monitoring & Incident Response**:

- Implement and optimize Microsoft Sentinel and other SIEM tools (e.g., Splunk) for real-time threat detection and response.
- Drive the integration of advanced detection capabilities such as AI/ML-based tools and threat intelligence feeds into the SOC environment.
- Lead the investigation, analysis, and management of security incidents, ensuring timely and thorough responses in accordance with the organization’s incident response plan.
- Coordinate with internal teams to conduct root cause analysis of major security incidents and recommend corrective actions to prevent future occurrences.

**Security Frameworks & Compliance**:

- Ensure the SOC is aligned with key cybersecurity frameworks and standards, including NIST, MITRE ATT&CK, and the ISO 27000 series.
- Ensure SOC operations comply with cybersecurity regulations and guidelines set by entities such as DNB, NACSA, and MCMC.

**Continuous Improvement & Threat Intelligence**:

- Drive ongoing evaluation and enhancement of SOC capabilities to keep up with evolving cyber threats and emerging technologies.
- Maintain a strong network of threat intelligence sources and integrate threat intelligence into daily operations for proactive threat hunting and defense.
- Stay current on the latest cyber threats, vulnerabilities, and attack techniques to ensure the SOC remains at the forefront of cybersecurity defense.
- Implement and refine threat-hunting strategies and enhance detection mechanisms using both manual and automated processes.

**Collaboration & Reporting**:

- Serve as the primary point of contact for all SOC-related matters, providing regular updates on the SOC’s performance, incident metrics, and security posture to senior leadership.
- Work cross-functionally with IT, network security, and compliance teams to improve overall cybersecurity resilience.
- Produce reports and dashboards on SOC operations, threat intelligence, and incident response to be presented to stakeholders, including senior management and external auditors.

**Key Requirements**:

**Education & Experience**:

- Bachelor’s degree in IT/Cybersecurity, Computer Science, or a related field.
- At least 8 years of experience in cybersecurity operations or threat management, with 4+ years in a leadership or managerial role within a SOC environment.
- Hands-on experience with Microsoft Sentinel and other SIEM solutions (e.g., Splunk).
- Proven experience in building, managing, and optimizing a 24x7 SOC.
- In-depth knowledge and experience with cybersecurity frameworks such as NIST CSF, MITRE ATT&CK, ISO 27001.
- Familiarity with Malaysian cybersecurity regulations from authorities such as DNB, NACSA, and MCMC, and experience ensuring SOC compliance with these regulations.

**Technical Skills**:

- Strong understanding of security tools and technologies, including SIEM platforms, EDR, XDR, IDS/IPS, firewalls, threat intelligence, and Attack Surface Management platforms.
- Solid experience with network security, endpoint security, cloud security, and incident detection and response.
- Hands-on experience in developing and maintaining security monitoring, detection, and response strategies using Microsoft Sentinel.
- Knowledge of threat intelligence platforms and integrating threat feeds into SOC operations.
- Familiarity with automation tools for incident response and playbook creation.

**Soft Skills**:

- Excellent leadership, management, and mentoring skills, with the ability to lead a high-performing team.
- Strong problem-solving and decision-making abilities, especially in high-pressure situations.
- Exceptional communication skills, capable of explaining complex security incidents and risks to non-technical stakeholders.
- Ability to work collaboratively with cross-functional teams, including IT, development, and compliance teams.

**Certifications (preferred)**:

- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CISA (Certified Information Systems Auditor)
- CEH (Certified Ethical Hacker)