OpNet SOC Security Manager

Job Type:
Cyber Security

Role: OpNet SOC Security Manager
Contract - 14 Months

Start Date: ASAP
Location: Corsham - On Site

Role Description:

The DPS SOC Security Manager (Incident & Vulnerability) is responsible for delivering DCO outcomes across the OpNET platform. The SOC Security Manager (Incident & Vulnerability) is critical for the deployed environment, ensuring that operational security processes are enacted at every level. The Security Manager (Incident & vulnerability) reports to the Operational Security Manager and is responsible for the People, Processes and Technology (P2T) that delivers the PROTECT, DETECT and RESPOND controls within the NIST Cyber Security Framework, specifically:

* The day-to-day maintenance of the SOC PROTECT, DETECT and RESPOND tool sets.
* Support to the development, implementation and configuration of new or revised SOC tooling.
* Optimisation and automation across tooling to fully support the PROTECT, DETECT and RESPOND functions.
* Full tooling visibility, and independent assurance, that all assets are visible and managed within the OpNET DCO security wrap.
* Responsible for vulnerability scanning tooling, planning, and contribution to wider SOC strategy.
* Responsible for integration of standard and non-standard logs in SIEM.
* Optimising threat detection products for data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus and intrusion prevention/detection systems.
* Ensuring vulnerability identification (including IOCs), assessment, quantification and reporting.
* Reviewing and responding to requests for changes to SOC tooling, logging and monitoring.
* Writing detection signatures, tuning systems and tools, and developing automation scripts and correlation rules.
* Maintaining knowledge of adversary tactics, techniques, and procedures (TTPs).
* Conducting forensic analysis on systems and engaging third-party resources as required.
* Ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
* Ensuring compliance to SLAs and KPIs, process adherence and process improvisation to achieve operational objectives.
* Ensuring compliance to policy, process, and procedure adherence and process improvisation to achieve operational objectives.
* Revising and developing processes to strengthen the PROTECT, DETECT and RESPOND delivery.
* Initiation of corrective action where required.
* Ensuring daily management, administration and maintenance of security devices to achieve operational effectiveness.
* Creation of reports, dashboards and metrics for SOC operations, and presentation to the OpNET CISO and Security Working Group (SWG).
* Co-ordination with stakeholders (both internally within DPS and externally with the CyISOCs), building and maintaining positive working relationships with them, and ensuring outputs are aligned.

Required Skills and Experience:

* Hold current DV clearance.
* Strong hands-on experience in the implementation, maintenance and configuration of a variety of SIEM and SOAR platforms (including Splunk, ELK, Elastic, Security Onion v2).
* Experience in forensics, malware analysis and threat intelligence.
* Exposure and hands-on experience of a variety of SIEM and SOAR platforms (including Nessus, Greenbone, Nipper, BMC Discovery, McAfee ePO, Tanium, Tripwire and WhatsUp Gold).
* Ability to understand, modify and create threat detection rules within SIEM.
* Ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities, managing and engineering dashboards.
* Knowledge and experience with the Windows and Linux operating systems.
* Experience using Python, Perl, PowerShell, BASH or an equivalent language.
* Experience with network forensics and associated toolsets and analysis techniques.
* Ability to reverse engineer malware and then create IOCs and rules for the SIEM.
* Understanding of log collection and aggregation techniques, Elasticsearch, Logstash, Kibana (ELK), syslog-NG, Windows Event Forwarding (WEF), etc.
* Able to tune correlation rules and outcomes via SIEM and SOAR platforms.
* Strong background in Analysis of attacker Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs).
* Understanding of intrusion detection systems, web application firewalls, and IP reputation systems.
* Technical understanding of current cybersecurity threats and trends.
* Knowledge of the MITRE ATT&CK adversarial framework.
* ITIL v3/v4 Foundation.

Desirable skills and experience:
* CompTIA A+.
* CompTIA Security+.
* CompTIA CySA+.
* CompTIA PenTest+.
* SANS 504 - Incident Handling.
* SANS 511 - Continuous Monitoring.

If you feel you have the relevant experience and skills required, please do not hesitate to apply now!
