Lead Analyst - CRS Operations (CPX)

Overview:

The Lead SOC Analyst is responsible for managing the day-to-day activities of the SOC Monitoring, Incident Detection, and Response Operations. The role involves collaborating with internal and client teams to identify and respond to threats and vulnerabilities and providing technical expertise and guidance to support incident response efforts. This position requires strong technical expertise, leadership skills, and the ability to mentor and develop team members.

Responsibilities:

SOC Operations Management:

• Lead and manage daily SOC activities and ensure efficient monitoring of security systems.
• Oversee the triage, investigation, and resolution of security incidents.
• Ensure incident handling aligns with defined SLAs and escalation procedures.

Incident Response & Threat Management:

• Coordinate and lead incident response efforts.
• Analyze and respond to complex threats using threat intelligence and advanced detection techniques.
• Oversee triage, investigation, and remediation of security events an incident.
• Lead major incident investigations and coordinate with other teams such as Incident Response, Threat Hunting, and CTI functions.

Team Leadership & Development:

• Mentor and guide SOC analysts.
• Conduct training sessions and promote continuous learning.

Security Tools & SIEM Management:

• Manage and optimize SIEM tools and other security technologies.
• Ensure effective integration of tools for comprehensive monitoring.
• Correlate security events from SIEM, EDR, Firewall, IDS/IPS etc.
• Validate and fine tune detection rules, correlation searches, and threat models.
• Identify automation opportunities to reduce mean time to detect (MTTD) and mean time to respond (MTTR).

Threat Hunting & Vulnerability Management:

• Proactively identify threats lurking in the environment by conducting threat hunting exercises.
• Oversee vulnerability scanning and patch management.
• Work closely with CTI and Threat Hunters to integrate IOCs, TTPs, and MITRE ATT&CK coverage to enhance detection posture overall.

Reporting & Compliance:

• Generate detailed reports on incidents, trends, and SOC performance.
• Ensure compliance with industry standards and regulatory requirements.
• Provide regular operational metrices and incident reports to senior management.

Collaboration & Strategy:

• Work closely with IT, Cloud, Application, Risk, and Security teams for cross-functional incident handling.
• Contribute to the development of security policies and procedures.

Qualifications:

Education

Bachelor’s degree in engineering, computer science, information systems, or quantitative fields.

Skills/Certifications

• ISC² Certified Information Systems Security Professional (CISSP)
• CISM Certified Information Security Manager
• GIAC Certifications

Minimum Work Experience

• Minimum of 10+ years’ relevant experience or working in a large-scale ICT environment focused on Information/Cyber Security.
• High-level understanding of TCP/IP protocol and OSI Seven Layer Mode.
• Knowledge of security best practices and concepts.
• Knowledge of Windows and/or Unix-based systems/architectures and related security.
• Sound level of knowledge of LAN/WAN technologies.
• Must have a solid understanding of information technology and information security.
• Expertise in incident response and handling methodologies.
• Knowledge of Cyber kill chain, blockchain, and other IR frameworks.
• Knowledge of Defense-in-depth techniques.
• Knowledge of security event correlation and analytics tools
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, covert channel, replay attacks, malicious code).
• Experience with SIEM tool – preferably proficient with developing correlation rules, dashboards, and custom searches.
• Experience with automated incident response tools (PSTools, Sysmon, Carbon Black, etc.).
• Experience with packet capture and analysis (tcpdump/windump, Wireshark, etc.).
• Knowledge of server, network devices, security devices and diagnostic tools, and fault identification techniques