SOC Service Manager

Hyderabad (SEZ)

F5

F5 application services ensure that applications are always secure and perform the way they should—in any environment and on any device.


At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

About F5 and the Global Cyber Defense Intelligence Team

F5 is a multi-cloud application services and security company committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to optimize and secure every app and API anywhere, including on-premises, in the cloud, or at the edge. The F5 Global Cyber Defense Intelligence Team (GCDI), part of the F5 CISO function, implements security countermeasures, manages enterprise-wide cyber incident response, conducts digital forensic and e-Discovery investigations, and provides 24/7 security monitoring to ensure the security of F5.

The team is looking for a highly skilled and talented Security Operations Centre Service Manager who can help us transform, drive and scale the critical Cyber Defense program within F5.

Position Summary:

The SOC Service Manager plays a crucial role in safeguarding F5, tasked with creating both strategic and tactical security plans for the organization. The SOC Service Manager will collaborate closely with GCDI team leaders across F5 to ensure alignment and achieve measurable results using security data. They will also develop telemetry to improve proactive security detection and response from millions of security events. The SOC Service Manager directly leads a team of SOC analysts/engineers providing 24/7 security detection/response services. The manager oversees the daily operations of the SOC team, ensuring a high-performance, productive, and professional work environment. In the event of a cyber crisis, the SOC Service Manager should be the primary person to support and coordinate the Incident Response investigation.

Primary Responsibilities:

  • Responsible for upholding F5’s business code of ethics and promptly reporting violations of the code or other company policies.

  • Follow F5’s enterprise information security policies and protect, detect, and remediate information assets from unauthorized access, disclosure, modification, destruction, or interference.

  • Collaborate with GCDI leaders, understand the SOC mission and learn SOC goals.

  • Oversee Security Operations Centre (SOC) functions, including incident detection, response, and management. Ensure effective monitoring and reporting of security events.

  • Directly manage a team of SOC analysts and ensure security alerts are managed effectively within SLA.

  • Lead and manage multiple third-party vendors, including Managed Security Service Providers (MSSPs).

  • Develop and implement processes and procedures to improve SOC operations and service delivery.

  • Ability to manage and respond to cyber-attack investigations, insider threats and digital forensics.

  • Ability to integrate, automate and generate high fidelity alerts.

  • Ability to respond to Blue Team/ Red Team or Tabletop exercises at an enterprise level.

  • Monitor and triage security systems for security gaps and propose the best solution to enhance security.

  • Lead security operations projects across the enterprise to improve incident response and threat hunting.

  • Provide feedback on process improvements, improving the efficiency of the Incident Response program.

  • Mentor junior team members, be open to share and receive feedback, adhering to F5 Core Values.

  • Perform other related duties as assigned and help others thrive in the work environment.

  • Create, maintain and govern incident playbooks and runbook documentation.

  • Monitor and manage the health status of security monitoring controls.

  • Develop and implement SOC metrics including MTTD, MTTR, and other key performance indicators (KPIs).

  • Provide regular SOC reports, including daily, weekly, and monthly updates.

  • Propose risk mitigating strategies to leadership, advise on acceptable mitigating controls and ensure they are documented.

  • Develop and keep stakeholder relationships, including those with CTI, Legal, Privacy, HR, Risk and Compliance, Security Engineering, and other internal teams with strong leadership skills.

The Job Description aims to provide a general overview of the role’s responsibilities and requirements. However, it may not encompass all aspects, and these responsibilities and requirements may change based on business needs, while ensuring that clarity and alignment are consistently maintained.

Required Skills and Knowledge:

  • 10+ years of cybersecurity experience, including at least 4 years in security management roles such as supervisor or technical/team leader, within a security operations environment.

  • Prior experience in driving a large-scale security operations centre, preferably in the technology industry.

  • Experience in managing and overseeing the daily operations of the security team, including alert triage, incident response, investigations, and threat management.

  • Experience with 24/7 security operations centres, planning and managing shift rosters.

  • Correlate events from multiple log sources to detect and mitigate known and unknown threats.

  • Perform in-depth investigations across SIEM platforms, cloud security platforms (e.g. AWS, Azure, GCP), email security solutions, endpoint security controls and corporate firewall security events.

  • Good knowledge of advanced attack patterns and familiarity with the MITRE ATT&CK framework.

  • Strong understanding of networking concepts and OS concepts including Windows, Mac, Unix/Linux.

  • Experience with managing SIEM, SOAR, M365, AAD, Email security, EDR, Cloud SIEM, DLP, CSPM, IAM, PIM, CTI platforms, next-gen firewalls, etc.

  • Experience with ticketing systems such as Jira, DevOps and ServiceNow.

  • Highly motivated with business interpersonal skills and strong communication.

  • Experience in handling external audits and knowledge of audit controls.

  • Strong organizational skills, ability to work well with contacts in various business fields.

  • Collaborate with other leaders to determine security needs and integrate security measures into business operations.

  • Strong knowledge of security best practices and standards (ISO/IEC 27001/27002, 27005, 27032, 27799, NIST CSF, NIST SP 800-53, 800-39).

  • Strong knowledge of project management frameworks such as Agile, Scrum, Kanban or ITIL.

  • Experience in driving efficiencies, handling growth and delivering results.

  • Excellent written documentation, reports, and ability to present to leadership team.

  • Cultivate innovation, creativity, teamwork, and professional growth of the SOC Team.

  • This role requires availability outside normal business hours to align with the global team or to respond to critical security events.

Preferred Certifications:

  • SANS GSOM, GSOC, GMON, LDR551 or other industry-relevant cyber-security certifications are a plus.

  • Certified experience related to Incident Response, Threat Hunting, Cloud security or Digital Forensics.

Qualifications:

  • Bachelor’s degree in computer science or information systems, MIS or related technical degree with 10+ years of experience in Cyber Security Operations/ Incident Response /Threat Hunting/Digital Forensics.  

  • Ability to inspire change through effective leadership, communication, planning, and execution.

  • Capable of translating broad targets and aims into a detailed list, setting priorities for yourself and others, and achieving goals.

  • Knowledge and ability to manage organizations to key performance indicators.

  • Able to clearly communicate sophisticated technical issues to a larger audience at varying levels.

  • Ability to work in a highly collaborative team environment.

  • Able to read, write, and speak English fluently, including complex technical concepts.

  • Solid skills in MS Visio, Lucidchart, MS Office apps and standard professional applications.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through an F5 email address (ending with @f5.com) or an auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.

Category: Leadership Jobs

Tags: Agile APIs Audits AWS Azure Blue team CISO Cloud Compliance Computer Science CSPM Cyber defense DevOps EDR Firewalls Forensics GCP IAM Incident response ITIL Jira Kanban KPIs Linux MITRE ATT&CK Monitoring NIST NIST 800-53 Privacy Red team SANS Scrum SIEM SOAR SOC UNIX Windows

Perks/benefits: Health care Startup environment Team events

Region: Asia/Pacific
Country: India
