Security Operations Centre (SOC) Lead

Job Title: Security Operations Centre (SOC) Lead/Engineer

Job Description:

1.1                        Overview

DNEG’s Information Security (InfoSec) program has the requirement to build an internal Security Operations (SecOps) function in order to successfully preserve the confidentiality, integrity and availability (CIA) of its, and client’s, confidential data, PII and systems and services. The overview of the SecOps program is listed below.

1.2                        Mandatory Requirements and Expectations

The building block in actualizing the SecOps function, will be to recruit a seasoned Security Operations Centre (SOC) Lead/Engineer to assist with applying the following crucial requirements:

•          Assisting with operationalizing the company’s ISMS framework on scale.

•          Experience with working with numerous security and audit frameworks and ensuring operational efficiency of delivering against these crucial compliance and governance requirements.

•          Assisting with architecting an optimal operational support model to monitor, detect, investigate and mitigate/minimize/manage key risk indicators and output derived from the company’s IT infrastructure, identity and data services.

•          Identifying, hiring, maturing and managing the SecOps team.

•          Applying critical incident response action and suitable escalation to contain and minimize verified compromise.

2          Duties and Operational Responsibilities

• Manage daily/BAU operational security operations.
• Mature and develop the SOC processes and responsible for building the SOC function.
• Develop and maintain SOC operational processes and runbooks. Identify gaps and ensure that all necessary information and security telemetry is continuously being collected, correlated, aggregated and analyzed to detect potential cybersecurity risk to DNEG.
• Develop and implement SECOPS key performance indicators (KPIs) to ensure that optimum service delivery is being met.
• Work proactively, independently and partner with other internal teams to further streamline and mature all SECOPS processes and procedures.
• Responsible for BAU day to day management of the SOC and ensure that daily operation activities are running at optimum performance.
• Act in a leadership capacity and nature and build the effectiveness, partnerships and collaboration within the team and with peers and stakeholders.
• Responsible for ensuring that all cybersecurity detection, response, and recovery processes and procedures are up-to-date, relevant and adhered to.
• Responsible and accountable of the managing all aspects related to cyber security incident management and response.
• Develop and provide applicable reporting operating metrics demonstrating all facets of the SECOPs function and role within DNEG.

3          Job Requirements

3.1                        Mandatory Job Requirements

A successful candidate will meet the majority of the requirements listed below and will be able demonstrate suitable experience in competencies in each of the following:

•          Ten years, plus/minus, of successfully building, developing and operationalizing a SecOps/SOC function within a highly technical and complex operating environment.

•          In-depth experience and knowledge of all facets of cybersecurity operations, incident response (IR) management, processes and procedures and investigations.

•          Strong leadership and operational management skills and be able to demonstrate previous and/or current experience of building and maturing a SecOps function.

•          Excellent, and demonstrable, technical knowledge, application and experience with the following:

• Network Security: Firewalls, IDS/IPS, Proxy Servers, Email and Web Content Filters.
• Anti-Virus/Malware Mitigation (EPP): Signature and signatureless EPP solutions.
• Access Control Concepts and Application.
• DLP Solutions
• Operating Systems: MS Windows (Client and Server O/S); multiple LINUX distributions, Mac OSX

•          Excellent and demonstrable, technical knowledge, application and experience with the following:

• Security data analytics and reporting.
• SIEM, security data aggregation and correlation knowledge. Defining SIEM rules and downstream monitoring and detection processes.
• MITRE framework

•          Knowledge and experience of working with the following Information Security frameworks:

oISO 27001:2013

• PCI/DSS
• CIS
• NIST

•          Excellent knowledge of identity management systems and processes and be familiar with both existing and emerging threats as they pertain to IdAM.

•          Excellent knowledge and experience of using vulnerability assurance management toolsets and services.

•          Excellent knowledge and experience of network and application penetration testing methodologies and practice.

•          Enhance and mature existing applied InfoSec technologies that are utilized for the SecOps function.

•          Knowledge of privacy compliance and privacy frameworks and their applicability to a SecOps function would be desirable, e.g., GDPR.

•          Strong knowledge and demonstratable experience of Cloud Security (especially SaaS and PaaS), concepts and application.

•          Demonstrate experience of being able to fulfil requirements and prioritize workstreams.

•          A strong team player who also works effectively in an independent capacity.

•          Highly motivated and bring a forward thinking and highly collaborative approach to the SecOps function

3.2                        Education

• A bachelor’s degree in IT or Computer Science
• Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA); CISM, IISP, or other equivalent Security certification/accreditation is desirable.