A boutique recruitment agency, with collectively 25 years' experience, aiming to make the whole recruitment process easy for client and candidate. Specialist Recruiters in IT, Digital, Hospitality, Financial Services, and many other industries across South Africa, with an office in Bellville, Cape Town.
Security Operations Manager required in Sandton – Hybrid, to supervise the security team, provide technical guidance, and manage SLAs. CISSP or CISM certification required, 8+ years’ experience in Security Management, and a further 3 years as a SOC Manager in an established, high-functioning SOC.
Responsibilities
Lead the operational Managed Security Service Delivery on a 24x7 basis in Logicalis SA.
In line with HR processes, ensure recruiting, hiring and training of Security Engineering team members.
Oversee defined incident response plans, workflows, and standard operating procedures (SOPs) for Security Operations.
Act as the escalation point for all security incidents that require attention and timely responses.
Coordinate response, triage and escalation of security events affecting customers’ information assets and activities with the Cyber Incident Response team.
Produce dashboards, reporting and actionable metrics, including KPIs, monthly reports, threat advisories and tailored metrics specific to incident response and threat monitoring efforts.
Review new SIEM use cases and the runbooks that provide guidelines for analysing and responding to the specific threats each new use case covers.
Partner with internal and external stakeholders to identify, detect and prevent security threats the customers may face.
Oversee the alignment of incident management processes between the SOC and Security Engineering team and Logicalis Managed Services operational and Customer IT operational teams.
Undertake SOC and Security Engineering team performance reviews, leave approvals, salary, and bonus motivations, and adhere to performance management and disciplinary processes.
Manage use of the ServiceNow incident and response system, in terms of cases being logged and the quality of incidents being tracked and closed.
Ensure audit trails, system logs and other monitoring data sources are reviewed periodically to comply with policies and audit requirements. Participate in, lead or represent the company in annual audits to ensure compliance with these security standards and frameworks.
Lead major cyber security incidents (war rooms)
Presales: Participate in showcasing the SOC to customers and prospective customers.
Presales: Participate in proposal scoping and preparation on Security opportunities.
Work in collaboration with the Solutions team and Account Managers on the development and retention of SOC customers.
Requirements
Degree in computer science or similar – Preferable
Security practitioner certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
Professional IT security management certification, e.g., ITIL Foundation, COBIT Foundation, CEH
ISACA CRISC – Certified in Risk and Information Systems Control – will be an advantage
Membership of (ISC)², ISACA or another professional body will be an advantage
Qualys Certification in Vulnerability Management
CyberSec Incident Responder or Global Information Assurance Certification (GIAC) Certified Incident Handler (GCIH)
8 years’ track record in Security Management, and a further 3 years’ track record as a SOC Manager in an established, high-functioning SOC.
Extensive Security Engineering & SOC leadership experience, including governance and stakeholder management
Proven Security team mentoring track record
Knowledge of network technologies (protocols, design concepts, access control)
Knowledge of security technologies (firewalls, endpoint protection, endpoint detection and response, encryption, data protection, design, privileged access, etc.)
Advanced leadership experience in a SOC and/or Incident Response environment. Leadership and technical experience with:
Adherence to SOC governance processes and standards based on the likes of CREST SOC Maturity Levels, ISO 27001, SOC 2 Type 1/2, COBIT, ITIL
Extensive knowledge of security best practices, principles, and common security frameworks
Experience with SIEM platforms and their integration/automation, such as Azure Sentinel, McAfee ESM, IBM QRadar, AlienVault USM, LogRhythm
Vulnerability management and security posture assessment
Experience with overseeing the SOAR or similar automation/orchestration technologies
Threat Intelligence & Threat hunting
Cyber incident management, Case management
Endpoint protection, DLP, EDR
Email security
In-depth understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity and other abnormal activity (worms, Trojans, viruses); strong understanding of current security vulnerabilities, attack vectors, industry technologies, trends, tools and techniques
Active use of the MITRE ATT&CK framework
UEBA
Network security, IDS/IPS, NGFWs, WAF, NAC, SWG
Sandboxing
Red and Blue Team Pen Testing
Proficiency with network transport protocols and services (TCP/IP, Syslog, ODBC, SFTP, SSH, PKI, etc.)
Experience in handling multiple, complex Service Engagements and projects, deadlines, and resources with minimal supervision
Sound technical decision-making and problem-solving skills
Strong communication skills, both written and oral
Collaborative leadership style
Excellent stakeholder management skills
Team player
Analytical with fine-tuned attention to detail
Experience working as a member of a geographically diverse team
Excellent reporting, written, verbal communication skills
High customer satisfaction ratings in a SOC Service Arrangement
Strong team networking, consultation, and negotiation skills
A strong service-oriented (‘can-do’) culture, with a strong focus on the ‘internal customer’ approach and a commitment to exceeding customer expectations
Exceptional planning & organizing skills
Demonstrate clear purpose, enthusiasm, and commitment