Security Operations Centre (SOC) Manager
Org Unit: Respond - Cyber Operations
Job Title
SOC Manager – (24 x 7 Shift)
Maersk is a global leader in integrated logistics and has been an industry pioneer for over a century. Through innovation and transformation, we are redefining the boundaries of possibility, continuously setting new standards for efficiency, sustainability, and excellence.
At Maersk, we believe in the power of diversity, collaboration, and continuous learning and we work hard to ensure that the people in our organization reflect and understand the customers we exist to serve.
With over 100,000 employees across 130 countries, we work together to shape the future of global trade and logistics.
Join us as we harness cutting-edge technologies and unlock opportunities on a global scale. Together, let's sail towards a brighter, more sustainable future with Maersk.
Role Purpose/Summary
To lead the Cyber, Detect & Respond function as part of Maersk’s Global Cyber Defence Centre in delivering operational security capabilities that enable the effective detection of and response to cyber security incidents and threats so that Maersk can maintain confidentiality, integrity, and availability.
The role will involve:
- As a Cyber Manager in the Security Operations Centre (SOC) function, the role provides technical leadership and strategic direction to the L3, L2 and L1 cyber analyst team.
- This role will lead and develop the SOC capability (people, technology, and process) to support the overall Threat Monitoring and Response team, by providing 24/7 Detection and Response cyber security coverage to Maersk and subsidiaries.
- This role will focus on providing the SOC team with senior leadership and hands-on technical support, as well as major cyber incident management.
- The role will support the Head of SOC and other senior stakeholders to deliver overall joint TMR strategic success, by continuously improving the capability.
- The role will report to the Head of SOC, acting as one of the SMEs whilst working closely with Cyber Security Teams (Risk, Cyber Security Officers, Assurance, Platform Security Engineers, Security by Design, Product Owners, and Cyber Operations) to deliver cyber detection and response capability to Platforms, Brands, M&As and the Enterprise.
- Coordinating regular reviews and updates of the Cyber Detect & Respond Team’s processes to ensure they remain effective and fit-for-purpose
- This is a unique opportunity to support Cyber in one of the key front lines of defence, embracing a Threat-Led approach to Cyber Incident Management and Cyber Continuous Improvement at the enterprise level
Key responsibilities
Responsibilities will include but not be limited to:
- Carrying out and/or leading key incident management activities, including creating effective incident timelines and supporting response activities.
- Taking full responsibility for incident management and quality of delivery of the team and assisting other teams when necessary
- Provides leadership and coaching (technical and non-technical) to professional staff, leads, L3, L2 and L1 Analysts
- Work independently within a broad framework, with a clear level of authority
- Contributes to wider decision making including the development of practices, processes, and procedures.
- Broad experience in a job area, including but not limited to Cyber Security and People Management
- Develops departmental plans, including business, production and / or organizational priorities
- Solves complex challenges based on accurate identification of underlying factors / causes and is aware of the impact of proposed solutions outside their own immediate area
- Develops people – coaching and mentoring to build organizational capability, talent, and bench strength.
- Responsible for developing, implementing, running, and improving the Cyber Incident Response and Continuous Improvement lifecycle within the SOC, while also contributing more widely
- Providing the organization with the appropriate cyber support and strategic and tactical incident response.
- Influencing improvements and working hand in hand with other Cyber Security capabilities such as Cyber Threat Intelligence, Operational Compliance, Red Teaming, Secure by Design, Products and Engineering teams.
- Supporting security incident management when required and delivering briefings, reporting and quality updates to senior management in relation to cyber issues
- Create, develop, execute, and effectively deliver SOC strategic papers to satisfy a continually changing and agile cyber environment
- Produce reporting and presentations in timely fashion to support SOC success
- Take ownership when things go wrong, and promote the team when it achieves success
Services Overseen
- Protective Monitoring
- Threat & Behavioral Analytics
- Investigative Analysis
- Threat Hunting
- Incident Response
- Incident Management
- Continuous Improvement
- Project engagement
- TMR improvement and supporting capabilities
- Security Operations Centre development
Primary internal stakeholders
- CISO
- Director of Global Cyber Defence Centre
- Head of Cyber Operations
- Head of Cyber Defence Engineering
- Head of Escalations and Continuous Improvement
- Cyber Analysts
- Command & Control Centre
- Cyber Security
- PSEs, CSOs, SbD, Risk
Primary external stakeholders
- All Cyber Security Teams and IT supporting groups
- Platforms
- Integrated and non-Integrated Brands
- M&As
- The Enterprise
- Third party vendors
- Service providers
Required experience & skills
Non-Technical Skills:
- Minimum of eight years’ experience in the Cyber Security industry, performing similar people manager responsibilities in the past five years to support and lead Incident Management and Cyber Operations functions.
- Experience in a wide variety of technology and cyber security spaces addressing issues, along with correlated extensive technical knowledge as follows:
- Experience in building a new capability/service and improving new processes and technologies.
- Proven track record in leading and developing people and engaged teams
- Ability to deliver effective communication, with excellent negotiation skills across a variety of audiences from technical teams up to C level.
- Extensive knowledge of tooling integration across multiple domains, including but not limited to Cloud, SIEM, XSOAR, EDR, XDR, Endpoint and Server Estates.
- Strong knowledge of industry best standards, frameworks, and best practices to deliver scalable and compliant processes, technology, and people development strategies.
- Experience in automating processes via tooling is essential
- Skilled in theoretical and practical application of cyber security standards and frameworks e.g., ISO27001, NIST, CIS, OWASP, SANS.
- Deep understanding of the application of cyber-attack frameworks e.g., MITRE ATT&CK and DEFENCE frameworks.
- Strong knowledge of attacker tools, tactics, and techniques, including privilege escalation, persistence and lateral movement techniques, common malware and exploit tools and techniques.
- Extensive knowledge of security relevant data, including network protocols, ports, and common services such as TCP/IP protocols and application layer protocols (e.g., HTTP/S, DNS, FTP, SMTP, etc.).
- Experience with vulnerability scanning tools and management technology e.g., Qualys, Prisma Cloud, Black Duck, Polaris.
- Experience with defensive layered tooling and techniques e.g., Akamai, Trend, CrowdStrike, AlgoSec.
- Effective collaboration and integration skills across multiple functions, such as cyber risk and issues management, within a very large and complex organisation.
- Keen to develop but also visionary in promoting skilled team development.
- Relevant qualifications such as CSIM, CISSP, CEH, SANS, OSCP or equivalent are desirable
Personal Profile
- Leader and problem solver, able to resolve conflicts with positive outcomes
- Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel
- Ability to speak and present to an audience, both virtually and in person
- Ability to manage conflicting priorities and multiple tasks
- Comfortable working independently but effective in identifying scenarios where advice and guidance on more complex issues should be communicated across the team to ensure team alignment.
- Confident in making decisions with effective measure of a risk-based approach according to organizational risk appetite.
- Naturally inquisitive with a flair for complex problem solving
- Excellent planning and organizational skills
- Detail orientated but able to operate with limited information
- Able to work under pressure and meet deadlines, solve problems creatively
- Must be highly reliable, trustworthy, and honest
- Desire to learn and have a self-development/growth mindset
- Empathetic with a motivation to understand other people, cultures, and methods of operation
- Customer focused, can adapt approach based on the needs and nature of a key stakeholder
Key measures
- KPIs, KRIs and Scorecards developed and enhanced to support SOC deliveries
- Measurable and effective Improvements of Security Operations with TMR
- Innovative solutions delivered to enhance SOC visibility and reduce False Positives
- Enhancement of SOC function in line with overall Cyber Strategy
- Cross Integrations, Automations, Threats mitigated, and issues resolved
- Ability to support business units to manage their Cyber Debt
- Employee Engagement Survey
Other requirements
May be required to travel internationally on occasion as part of the role.
At Maersk, we're building a culture where everyone can feel at home. We don't just work across continents, we work across different genders, generations, cultures, sexual orientations, religions, disabilities and perspectives. Together, we succeed as one global team. We want to encourage innovation and empower our teams to share new ways of thinking, making the most of our diverse talents. But it’s also about feeling involved and encouraged to be yourself.
We’re excited for you to become part of our team and fully join in the adventure ahead.
Maersk is committed to a diverse and inclusive workplace, and we embrace different styles of thinking. Maersk is an equal opportunities employer and welcomes applicants without regard to race, colour, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability, medical condition, pregnancy or parental leave, veteran status, gender identity, genetic information, or any other characteristic protected by applicable law.
We are happy to support your need for any adjustments during the application and hiring process. If you need special assistance or an accommodation to use our website, apply for a position, or to perform a job, please contact us by emailing accommodationrequests@maersk.com.