Carbon Black, the leader in advanced threat protection, is seeking a SOC Manager for its ThreatSight service. This is a senior-level position in cyber security, targeted toward individuals with 10 or more years of experience. Educational and hands-on experience with network/systems administration and/or information security work is required.
The ThreatSight team at Carbon Black is responsible for monitoring and maintaining the systems used in our security program to protect customers. This includes following procedures to triage and investigate security alerts and escalating issues as necessary. The ThreatSight Manager will have opportunities for mentorship from senior management of the team, as well as to create and mature procedures, evaluate new security technologies, perform incident response and penetration testing, and try out new ideas and technologies to improve the ThreatSight service.
The ThreatSight SOC Manager will lead the day-to-day work of the security operations center, ensuring that events and incidents are detected and responded to in adherence to established processes and procedures. This includes:
- Recruit, hire, manage, support, and develop the careers of analysts in order to retain top talent.
- Institute strong governance to lead and direct the ThreatSight team with standard processes and workflows. Drive innovation toward ThreatSight's values and effectiveness.
- Ensure that existing procedures are followed and that all procedures are documented in accordance with guidelines.
- Assist in driving client satisfaction, retention, and growth.
- Lead ThreatSight SOC solutions, including scope development and service delivery commitments.
- Identify and define service delivery risks, and offer, own, and manage risk mitigation strategies. Identify chronic operational and security issues and ensure they are managed appropriately.
- Provide an overview of ThreatSight challenges, risks, and opportunities to the leadership team. Manage and escalate roadblocks that may jeopardize security monitoring operations, infrastructure, or SLAs.
- Oversee the analysts’ daily tasking. Serve as a mentor to ThreatSight analysts.
- Be highly technical and hands-on, while also capable of serving as the primary point of contact with senior management.
- Mitigate and address threats including Advanced Persistent Threats (APT), Distributed Denial of Service (DDoS), phishing, malicious payloads, malware, etc.
- Apply knowledge of attacker tactics, techniques, and procedures (TTPs), system vulnerabilities, and key indicators of attacks and exploits. Perform host-based and network-based analysis across all major operating systems and network device platforms.
- Bring experience with SIEM and security orchestration and automation (SOAR) platforms. Manage the chain of custody for all evidence collected during incidents and security investigations.
- Bring strong experience creating and tuning detection signatures, Indicators of Compromise (IOCs), and other detection content to identify malicious activity.
- Problem solving and analytical skills, i.e. the ability to systematically think through the implications of problems to arrive at sound solutions.
- Strong writing skills to document control descriptions and communicate with staff, peers and other teams.
- Build, administer, and fine-tune processes to ensure compliance.
- Escalate issues to leadership in a timely manner with appropriate information regarding risk, action timelines, and root cause analysis.
- Produce and review key performance indicators (KPIs) of SOC performance and distribute executive metrics.
- Maintain knowledge of threat landscape by monitoring OSINT and related sources.
- Play a significant role in long-term SOC strategy and planning, including initiatives geared toward operational efficiency.
WHAT YOU’LL BRING
- BS/BA degree in Computer Science, Information Systems, or related discipline or equivalent experience.
- 10 or more years of professional work experience in the security field, including experience with Managed Security Services and SOC environments.
- Experience working in an Agile environment.
- Demonstrated broad knowledge of cyber security technologies, trends, and strategy.
- Strong analytical skills to define risk, identify potential threats, and develop action/mitigation plan.
- Organizational, project management, interpersonal and communication skills (verbal and written).
- Ability to manage and prioritize multiple tasks and projects, assist and advise support engineers in establishing appropriate priorities, and manage customer projects and portfolios.
- Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats.
- Certifications a plus: CISSP, SANS GIAC certifications (GCIH, GPEN, GSEC, etc.).