Security Operations Center (SOC) Lead
Tampa, FL, US
NTG
Explore NTG, a premier IT consulting & cybersecurity solutions provider, and step into a world where innovation meets security.
Description
Position Summary
The SOC Lead is responsible for managing and overseeing the operations of NTG's Security Operations Center (SOC). The position requires a minimum of 5 years' experience, or experience combined with a related degree in IT or Cybersecurity. This role involves leading a team of SOC Analysts in detecting, analyzing, and responding to cyber threats, vulnerabilities, and insider threats. The SOC Lead plays a critical role in ensuring the security of customer systems by performing advanced cyber threat analysis, coordinating incident response, and refining security procedures and strategies. This role is essential for ensuring the integrity and security of NTG's systems and data. If you are passionate about cybersecurity and possess strong leadership and analytical skills, we encourage you to apply.
Key Attributes:
- Detail-oriented with a proactive approach to threat detection and mitigation.
- Ability to adapt to new technologies and evolving threat landscapes.
- A team player with a strong focus on collaboration and continuous improvement.
Essential Duties and Responsibilities
The essential functions include, but are not limited to the following:
- SOC Management and Leadership:
  - Oversee day-to-day operations of the SOC and ensure optimal team performance.
  - Lead and mentor SOC Analysts, providing guidance on threat detection, incident response, and use of security tools.
  - Manage and prioritize security incidents and escalate critical issues as necessary.
- Threat Analysis and Incident Response:
  - Perform advanced threat analysis to identify, assess, and mitigate cyber threats and vulnerabilities.
  - Conduct insider threat investigations and develop strategies to prevent unauthorized access or misuse.
  - Coordinate and execute comprehensive incident response plans during security breaches or cyberattacks.
- Procedure and Playbook Development:
  - Develop and refine SOC procedures, playbooks, and response strategies to improve operational efficiency.
  - Ensure documentation of processes and lessons learned from incident response activities.
- Reporting and Trend Analysis:
  - Analyze and report on security trends, vulnerabilities, and incidents.
  - Provide recommendations to enhance detection capabilities and mitigate security risks.
- Collaboration and Coordination:
  - Work closely with other teams, such as IT, engineering, and compliance, to address and mitigate security risks.
  - Act as a liaison between the SOC and leadership, providing updates on the security landscape.
Requirements
Minimum Qualifications (Knowledge, Skills, and Abilities)
- Technical Expertise:
  - Strong understanding of cyber threats, vulnerabilities, and attack vectors.
  - Expertise in using, customizing, and tuning Splunk.
  - Expertise in security tools such as SIEM, IDS/IPS, EDR, firewalls, and forensic tools.
  - Familiarity with frameworks like MITRE ATT&CK, NIST, and ISO 27001.
  - Proficiency in scripting and automation for SOC processes (e.g., Python, PowerShell).
- Leadership Skills:
  - Proven ability to lead and manage teams in a high-pressure environment.
  - Strong mentoring and coaching capabilities to develop team members' skills.
- Analytical and Problem-Solving:
  - Excellent analytical skills to perform detailed cyber threat and vulnerability assessments.
  - Ability to prioritize and make quick decisions during critical incidents.
- Communication Skills:
  - Strong written and verbal communication skills for reporting and collaboration.
  - Experience presenting technical findings to non-technical stakeholders.
- Certifications (Preferred):
  - CISSP, CISM, CEH, GIAC certifications (e.g., GCIH, GCIA).
  - Relevant certifications in SIEM or other security platforms.
- Education, Experience:
  - Bachelor's degree in computer science, information security, or a related discipline; and/or 5 or more years of documented experience in Cybersecurity.
Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions.
While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand; walk; sit; and reach with hands and arms. The employee must occasionally lift and/or move up to 75 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.
Travel
Up to 15%
Shift
- This position is normally M-F 8 AM to 5 PM (Eastern).
  - The SOC is staffed 24/7/365, so alternate shifts may occasionally be required to provide coverage.