Manager - SOC Advisory

CPX

Date: 1 day ago
City: Abu Dhabi
Contract type: Full time
Job Purpose

  • To lead the SOC team and cybersecurity professionals within the SSBU.
  • Provide leadership to the team, ensuring everyone is trained, motivated, and effectively working together.
  • Establish SOC performance goals and priorities, lead incident response efforts, and serve as the point of contact (POC) for all security incidents.
  • Ability to handle high-pressure and complex situations.
  • Analyze complex data to identify vulnerabilities and potential threats, and provide reports in a timely manner.

Job Responsibilities

Key Responsibilities

  • Ensure the SOC operations focus on achieving the SOC vision, mission, objectives, and goals.
  • Advise appropriate senior management on authorizing changes that affect the organization's information and cyber security posture.
  • Collect and maintain the data needed for security reporting to management. Assist in preparing the annual budget for security operations.
  • Ensure that information and cyber security requirements are integrated into the continuity plans of the relevant system and/or the organization.
  • Facilitate the security operations data required for information security risk assessments during the Security Assessment and Authorization (SA&A) process.
  • Participate in developing or modifying the SOC program, plans, and requirements.
  • Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the organization’s information system(s) security operations.
  • Oversee SOC delivery and resource management. Manage the rotation of resources in the SOC and regularly prepare the shift roster.
  • Responsible for the recovery and forensic investigation of incidents.
  • Ensure the compliance of SOC to the SLA, organization policies, and other regulatory requirements. Identify and report any deviations in the defined SOC process.
  • Design, build, implement, and maintain a knowledge management system that provides the SOC section with adequate information to operate the SOC.
  • Ensure the Incident resolution and false positives knowledge base is updated continuously.
  • Lead the incident response team, and coordinate and drive incident recovery activities with internal and external parties.
  • Ensure the overall quality of the SOC operations. Regularly track the timeline compliance of the SOC activities.
  • Regularly review the processes, procedures, and activities the SOC team follows and propose changes if there is a scope for improvement.
  • Develop and evaluate metrics to measure the performance of the SOC team. Provide suggestions to add/remove event sources under monitoring scope.
  • Coordinate with CPX internal teams in performing incident drills.
  • Submit incident drill summary report to management and propose changes in the process if necessary.
  • Oversee incident response planning and handling, as well as the investigation of security breaches, and provide prevention and recovery progress to management.
  • Periodically measure the performance of the SOC and report the results to management.
  • Evaluate new technologies and tactical processes that help to optimize or improve SOC operations.
  • Mentor the SOC section with the latest security trends, threat detection, and analysis techniques, etc., via internal training, external training, classroom training, and team meetings.
  • Ensure all the SOC reports, documents, and records are prepared daily as required.

Incident Management

  • Expert in incident response and recovery handling methodologies.
  • Knowledge of Cyber kill chain and other frameworks such as NIST, ISO, SANS, etc.
  • Knowledge of defense-in-depth techniques and of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
  • Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], and third generation [nation state sponsored]).
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of which system files (e.g., log files, registry files, and configuration files) contain relevant information and where to find those system files.
  • Knowledge of hacking methodologies in Windows or Unix/Linux environments.
  • Knowledge of surveillance and penetration testing principles, tools, and techniques (e.g., Metasploit, NeoSploit).
  • Knowledge of programming language structures and logic.
  • Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies.
  • Knowledge of web technology.
  • Skill in performing damage assessments.
  • Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • Knowledge of malware and malware analysis tools (e.g., OllyDbg, IDA Pro).
  • Skill in analyzing anomalous code as malicious or benign.
  • Knowledge of virtual machine-aware malware, debugger-aware malware, and packing.
  • Skill in interpreting the results of the debugger to ascertain tactics, techniques, and procedures.
  • Knowledge of types and collections of persistent data and of basic concepts and practices of processing digital forensic data.
  • Skill in analyzing memory dumps to extract information, analyzing volatile data, and identifying obfuscation techniques.
  • Knowledge of forensic processes for seizing and preserving digital evidence (e.g., a chain of custody).
  • Skill in preserving evidence integrity according to standard operating procedures or national standards.
  • Knowledge of Cyber Threat Intelligence, Endpoint Protection, Security Orchestration, and Automation technologies.

Security Operations Management

  • Knowledge in implementing and managing various processes related to security operations.
  • Knowledge of current and emerging threats/threat vectors.
  • Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
  • Knowledge of new and emerging information technology (IT) and information security technologies.
  • Skill in developing, testing, and implementing network infrastructure contingency and recovery plans.
  • Skill in evaluating the trustworthiness of the supplier and/or product.
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Knowledge of Information security GRC, standards, best practices, and concepts.
  • Knowledge of applicable Information and cybersecurity-related laws and regulations.
  • Knowledge of disaster recovery and continuity of operations plans.

Characteristics

  • Motivating and empowering the team.
  • Active involvement in management discussions.
  • Possess strong people and process management skills.
  • Excellent interpersonal, presentation, and facilitation skills.
  • Coordinated efforts aligned with the bigger picture to maximize the overall value of SOC delivery.
  • Collaborate and build relationships with internal and external parties to support SOC operations.
  • Self-motivated, curious, and knowledgeable about information security news and current events.
  • Highly result oriented and able to work independently.
  • Ability to build relationships and interact effectively with internal and external parties.
  • Good analytical, technical, written, and verbal communication skills.
  • Ability to multi-task in a fast-paced and demanding work environment.
  • Ability to lead the team with good coordination skills.
  • Comfortable with a high-tech work environment and constantly learning new tools and innovations.
  • Good working knowledge of Office tools.
  • Ability to work effectively and lead a team to accomplish SOC goals and objectives.
  • Must be an articulate and persuasive leader who can communicate security-related concepts to various technical and non-technical staff.

AOR (Any Other Responsibilities)

  • Any other responsibilities as required by the Line Manager.
