SOC and CSIRT Manager

Irancell Tehran

Posted 10 days ago

Job Description

Mission:

  • To manage and continually improve the Security Operations Center (SOC) and Computer Security Incident Response Team (CSIRT), their processes and solutions.
  • To provide visibility on all network and systems activities from a security point of view.
  • To effectively manage all security incidents from detection to resolution and ensure all types of security incidents can be detected and responded to.

Responsibilities:

  • To work alongside the team to detect and respond to information security incidents, develop, maintain, and follow procedures for security event alerting, and participate in security investigations.
  • To be responsible for the day-to-day management of security service, including SLA and performance management, metrics development, management of process and procedures, recommending security improvements and developing, implementing, and ensuring compliance with all security policies and procedures.
  • To manage the cyber security SOC to ensure continuity of 24x7x365 security services across MTN Irancell while overseeing security event monitoring, management, and response.
  • To perform ongoing review and tuning of Security Information and Event Management (SIEM) scenarios to detect new and additional threats and improve detection quality.
  • To ensure incident identification, assessment, quantification, reporting, communication, and mitigation while confirming SLA compliance, process adherence, and process improvement to achieve operational objectives.
  • To ensure daily management, administration, and maintenance of security devices under the purview of the SOC, which consists of state-of-the-art technologies.
  • To perform threat management, threat modelling, identify threat vectors, and develop use cases for security monitoring.
  • To be responsible for overseeing the integration of standard and non-standard logs in the SIEM and to review/revise the processes to strengthen Security Operations.
  • To manage evidence gathering, evaluate risk and deliver a response plan to contain and remove security threats as quickly and safely as possible.
  • To verify discovered vulnerabilities according to metrics; correlate and collate the information; and create intelligence reports that communicate the results of the analyses to management and related stakeholders (e.g., C-Suite, executives, government decision-makers, security officials).
  • To build and maintain positive working relationships with stakeholders, including cooperating with CRA and FATA Police to meet their requirements.
  • To define, develop and review key security performance indicators that ensure service delivery and service improvements.
  • To manage, implement and continually improve Digital Forensics capability, tools and processes.
  • To establish and continually improve security incident management processes to effectively manage security incidents from detection, analysis, containment and eradication through to recovery and the lessons-learned process.
  • To follow the required regulatory processes in digital forensics operations so that security incidents can be pursued in legal cases.
  • To develop and revise processes to strengthen the current Security Operations framework, review policies and highlight the challenges in managing SLAs.
  • To educate ITS and NWG teams on the importance of security monitoring and the need for improvement in log collection.
  • To liaise with ITS and NWG teams to define new scenarios to detect unauthorized and malicious activities.

Requirements:

Education:

  • Bachelor’s Degree in Technology Systems (Telecommunication Management/Information Technology) or related discipline.

Experience:

  • At least 5 years of experience in SOC/CSIRT areas with experience in supervising/managing others.
  • Experience working in a medium to large organization.
  • Experienced with log analysis tools, creating parsers, correlation rules, and managing dashboards.
  • Experience in developing, documenting, and maintaining security procedures.
  • Desirable: SSCP, CEH, CISSP, SANS, or similar certification.
