Security Operations Engineer 2

What will you be responsible for

• Leads the creation and maintenance of SOC Playbooks, SOPs and Training materials, managing shifts, onboarding, and training for SOC Engineers.
• Maintain, manage, and update the process for the operating model for the security monitoring capability.
• Experience with writing/creation of formal documentation such as reports, slide decks, and architecture diagrams
• Participating and creation of detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team
• Responsible for the development and implementation of operational processes and standards for security incident response and operational security tasks for IT System.
• Provide oversight and direction in the management of the information security monitoring capability as a whole - process and technology
• Utilize ticketing system and standard operating procedures for effective call processing and escalation to adhere to Service Level Agreement (SLA)
• Support and participate in SOC engineering efforts such as tool integration, development of automation, scripts, testing of new tools and evaluation of new technologies
• Knowledge of threat centric framework Cyber Kill chain and NIST Cyber Security Framework.
• Ensure that the incident response processes are kept up-to date and well-rehearsed during any real cyber-attacks or cyber drill.

What would your work week look like

• Collaborate with the other security teams to contain and investigate major incidents
• Perform all tasks required per shift including reporting, monitoring, and turnover logs
• Evaluate the type and severity of security events by making use of packet analyses and in-depth understanding of exploits and vulnerabilities
• Perform security log analysis during Information Security related events, identifying and reporting possible security breaches, incidents, and violations of security policies
• Oversee emerging cyber threats, proactive modelling, threat validation
• Escalate critical incidents that require management attention in a timely manner and provide timely updates.
• Conduct Cyber Incident Response Team (CIRT) activities, including forensic analysis