Lead Analyst - SOC Monitoring (CPX)

Overview:

The Lead SOC Analyst is responsible for managing the day-to-day activities of the SOC Monitoring, Incident Detection, and Response Operations. The role involves collaborating with internal and client teams to identify and respond to threats and vulnerabilities and providing technical expertise and guidance to support incident response efforts. This position requires strong technical expertise, leadership skills, and the ability to mentor and develop team members.

Responsibilities:

SOC Operations Management:

• Lead and manage daily SOC activities and ensure efficient monitoring of security systems.
• Ensure incident handling aligns with defined SLAs and escalation procedures.

Incident Response & Threat Management:

• Coordinate and lead incident response efforts.
• Analyze and respond to complex threats using threat intelligence and advanced detection techniques.
• Lead major incident investigations and coordinate with other teams such as Incident Response, Threat Hunting, and CTI functions.

Team Leadership & Development:

• Mentor and guide SOC analysts.
• Conduct training sessions and promote continuous learning.

Security Tools & SIEM Management:

• Correlate security events from SIEM, EDR, Firewall, IDS/IPS etc.
• Work closely with IT, Cloud, Application, Risk, and Security teams for cross-functional incident handling.
• Identify automation opportunities to reduce mean time to detect (MTTD) and mean time to respond (MTTR).

Threat Hunting & Vulnerability Management:

• Proactively identify threats lurking in the environment by conducting threat hunting exercises.
• Work closely with CTI and Threat Hunters to integrate IOCs, TTPs, and MITRE ATT&CK coverage to enhance detection posture overall.

Qualifications:

Bachelor’s degree in engineering, computer science, information systems, or quantitative fields.

• ISC² Certified Information Systems Security Professional (CISSP)
• CISM Certified Information Security Manager
• GIAC Certifications
• Minimum of 10+ years’ relevant experience or working in a large-scale ICT environment focused on Information/Cyber Security.
• High-level understanding of TCP/IP protocol and OSI Seven Layer Mode.
• Knowledge of security best practices and concepts.
• Knowledge of Windows and/or Unix-based systems/architectures and related security.
• Sound level of knowledge of LAN/WAN technologies.
• Must have a solid understanding of information technology and information security.
• Expertise in incident response and handling methodologies.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, covert channel, replay attacks, malicious code).
• Experience with SIEM tool – preferably proficient with developing correlation rules, dashboards, and custom searches.
• Experience with automated incident response tools (PSTools, Sysmon, Carbon Black, etc.).
• Experience with packet capture and analysis (tcpdump/windump, Wireshark, etc.).