Manager - Security Operations Centre

About Zeta
Zeta is a Next-Gen Banking Tech company that empowers banks and fintechs to launch banking products for the future. It was founded by Bhavin Turakhia and Ramki Gaddipati in 2015. Our flagship processing platform - Zeta Tachyon - is the industry’s first modern, cloud-native, and fully API-enabled stack that brings together issuance, processing, lending, core banking, fraud & risk, and many more capabilities as a single-vendor stack. 15M+ cards have been issued on our platform globally. Zeta is actively working with the largest Banks and Fintechs in multiple global markets transforming customer experience for multi-million card portfolios. Zeta has over 1700+employees - with over 70%roles in R&D - across locations in the US,EMEA, and Asia. We raised$280 million at a$1.5 billion valuation from Softbank, Mastercard, and other investors in 2021.Learn more @www.zeta.tech,careers.zeta.tech,Linkedin,Twitter

The Role
This role is part of the Information Security Team, Engineering division of Zeta. The Security Operations Manager is responsible for creating the Security Operations Center (SOC) environment, coming up with project roadmap, setting processes in place, creating incident response plans, analyzing alerts, creating dashboards, collecting threat intelligence etc. Guide Developers and DevOps teams about new threats and help harden infrastructure and applications from various attacks as needed. The objective is to make zeta applications and infrastructure secure.
As Security Operations Center Manager of the Information Security sub-division, you will be responsible for identifying attacks against Zeta’s infrastructure and applications. You will be working in a techno-managerial role, leading a team and reporting to the manager.

Responsibilities

• Guide the organization's detection and response initiatives
• Understand adversarial tradecraft along with tactics, techniques and procedures (TTPs)
• Assess gaps, tools to improve security operations and incident response
• Act as a intrusion detection and response expert and technical champion within Zeta
• Provide support in detection, response, mitigation of cyber security incidents
• Perform detailed investigation in order to identify root cause for critical issues
• Prepare and present reports of incidents and ways to limit recurrence
• Oversee the planning and coordination of security operations during high-risk events.
• Experience working in SOC/TI mainly involving cloud services, GCP and AWS (preferably) and web applications
• Hiring decisions, hiring process definition, and continuous improvements.
• Broad knowledge of security domain with an understanding of logs and event processing, incident management, detection, response and tool development
• Utilizing a security information and event management (SIEM) platform for visibility and detection of live intrusions and to triage alarms in real-time.
• Perform review and validation of all deliverables for SOC, IR, Threat Intelligence, Threat Hunting and other SOC activities.
• Ensure timely and accurate reporting to Zeta board, CERT-In, Auditors etc.
• Hands on experience in intrusion detection, security investigations and incident response
• Experience in threat hunting using threat intelligence to investigate potential risks and finding suspicious behaviour
• Continuous improvement of SOC platform (SIEM Admin) through enhancements, tool addition, project planning etc.
• Guide SOC Team, maintain SOC personnel shift schedules
• Catch, investigate, and remediate security incidents.
• Ensure Service Level Agreements (SLAs), of projects progress, risks, issues, and proposed resolutions.
• Development of incident response plans and SOPs
• Automation, Reporting and Compliance

Skills

• Deep understanding of Cloud Environments like AWS, Azure etc.
• Deep understanding of Managed and vanilla Kubernetes clusters and working of dockers, containers and helm charts
• Hands on experience in intrusion detection, security investigations and incident response
• Experience in threat hunting using threat intelligence to investigate potential risks and finding suspicious behavior
• Design, create, deliver, and support the deployment of Python/Ansible/Terraform automation as required for ELK/EFK/AWS-OpenSearch and other technology stack
• Perform review and validation of all deliverables for SOC, IR, Threat Intelligence, Threat Hunting and other customer assigned activities.
• Develop policies, instruction, standards, and procedures around security operation functions.
• Provide Metrics and Artifacts supporting audit activities.
• Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring.
• Understanding of network protocol, TCP/IP stack, and working knowledge of tools like Wireshark, tcpdump etc.
• Strong data analysis skills; ability to independently write scripts/code to parse and analyze complex data.
• Practical experience with deployment and/or operation of commonly used information security solutions Like Cloudflare, Splunk, CloudTrail, etc.
• Understanding and familiarity with existing TTP frameworks like MITRE ATT&CK, Cyber Kill Chain etc.
• Must have worked in ELK/EFK/AWS-OpenSearch implementation project, and Logstash data parsing rules.
• Experience in ELK/EFK/AWS-OpenSearch stack or other logging / stats / visualization tools like Grafana, Prometheus etc.
• Threat intelligence like OSINT, MISP etc.
• Experience in databases, Linux/Unix environment, software development, and/or experience with distributed systems.
• Familiarity with Java Log4j framework, syslogs, nginx/apache logs is a plus.
• Expertise in Log monitoring tools like Splunk, ELK/EFK/AWS-OpenSearch, SumLogic, Loggly, Arcsight etc.
• Knowledge of malware analysis.
• Understanding of CI/CD, Jenkins
• In-depth understanding of production operations on public cloud infrastructure
• AWS/Azure (VPC/Vnet, S3 buckets, blob stores, LoadBalancers etc.), Dockers & Containers, Kubernetes
• Certifications like OSCP, OSEE, CISSP, SANS CTI etc

Experience and Qualifications

• 9 to 13 years of overall experience as Security Operations engineer in medium to large-size product companies.
• Bachelor of Technology (BE/B.Tech), M.Tech/ME in Computer Science or equivalent

Life At Zeta
At Zeta, we want you to grow to be the best version of yourself by unlocking the great potential that lies within you. This is why our core philosophy is ‘People Must Grow.’ We recognize your aspirations; act as enablers by bringing you the right opportunities, and let you grow as you chase disruptive goals. 
#LifeAtZeta is adventurous and exhilarating at the same time. You get to work with some of the best minds in the industry and experience a culture that values the diversity of thoughts. If you want to push boundaries, learn continuously and grow to be the best version of yourself,  Zeta is the place to be!  Explore the life at zeta 
Zeta is an equal opportunity employer.  
At Zeta, we are committed to equal employment opportunities regardless of job history, disability, gender identity, religion, race, marital/parental status, or another special status. We are proud to be an equitable workplace that welcomes individuals from all walks of life if they fit the roles and responsibilities.