Location
Barranquilla, Atlántico
Full job description
Job Summary:
The SOC Lead is responsible for managing and supporting the Security Operations Center (SOC) team, ensuring the effective monitoring and protection of the client's infrastructure environments according to best practices. This role entails leading SOC Analysts, implementing ITIL best practices, and aligning SOC operations with company goals to ensure customer satisfaction and maintain high levels of system availability and security performance.
Responsibilities:
- Minimum of 3+ years working experience in a security operations center (SOC), network operations center, or a related field.
- Minimum of 2+ years working experience in supervising or managing a team of 5 or more individuals (Nice to Have).
- Experience with the basic administration of Windows servers (v. 2012-2019), including a fundamental understanding of security infrastructure.
- Experience in incident response, threat detection, and security monitoring.
Education:
- A bachelor's degree in Computer Science, Industrial Engineering, Information Technology, or a related field. Alternatively, a minimum of five years of equivalent working experience.
- Hold at least one of the following certifications: GIAC Certified Incident Handler, Microsoft (AZ-500, SC-200 or SC-300), AWS (Security Specialty), EC-Council (Ethical Hacker, Network Defense) or a similar certification.
- Additional certifications are advantageous.
Technical Competencies:
- Knowledge of or training in best practices or IT frameworks, such as ITIL. ITIL Certified (Nice to Have).
- Patching Management: Good understanding of patching management best practices.
- Security Monitoring Tools: Proficient in using and managing SIEM tools (e.g., MS Sentinel, Wazuh) and other security monitoring applications.
- Incident Response: Understanding of incident response processes and security incident management.
- Security Frameworks: Familiarity with security frameworks and standards (e.g., NIST CSF, ISO 27001, MITRE ATT&CK).
- Active Directory Services: Knowledge of Active Directory and its security implications.
- Cloud Computing: Familiarity with cloud computing concepts and basic security operations in cloud environments (e.g., AWS, Azure).
- Virtualization Technologies: Understanding of virtualization technologies (e.g., VMware).
- Email Security: Familiarity with MS Office 365 and email security applications.
- Virtualization and Server Administration: Basic knowledge of Windows Server (2012-2019) and Linux administration.
- Disaster Recovery: Basic knowledge of disaster recovery techniques and business continuity planning.
- Excellent written, verbal, and interpersonal skills.
Personal Competencies:
- Effectively lead and motivate a team in charge of responding to a 24/7 operation with high peaks of workload.
- Actively seeks ways to help clients and ensures a positive customer experience.
- Listens and communicates clearly to support organizational objectives.
- Uses logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions, or approaches to problems.
- Demonstrates honesty and adheres to strong moral principles in all professional interactions.
- Actively collaborates with team members to achieve a common goal or complete tasks effectively and efficiently.
- Demonstrates the ability to adapt to changed circumstances or environments, learning from experience to improve competitiveness.
- Possesses the capacity to understand and analyze situations when multiple issues or tasks arise simultaneously, working through them in the correct order based on impact and urgency.
- Exhibits the ability to provide clear, concise, and constructive feedback for growth and development to direct and indirect reports on a regular basis.
- Demonstrates ability to work independently and in a group to produce successful results.
Language Skills:
- Proficiency in English and Spanish (oral and written, at 85% or higher), with a minimum of B2 level proficiency in both languages being a requirement.
Skills and Experience:
- Oversee continuous tracking of security events and alerts using SIEM tools.
- Analyze and correlate security data to identify potential threats and vulnerabilities.
- Ensure timely and accurate detection of security incidents to maintain high system availability and security posture.
- Lead the SOC team in responding to security incidents, ensuring effective containment, eradication, and recovery.
- Act as Incident Manager for major incident outages, coordinating cross-functional responses.
- Work closely with and in support of the IT Operations Center, Service Desk, Engineering team and vendors to expedite issue resolution.
- Develop and implement incident response plans, playbooks, and standard operating procedures (SOPs).
- Coordinate with external partners, law enforcement, and other stakeholders during major security incidents.
- Perform analysis and reporting of different metrics related to team performance and incident handling.
- Prepare comprehensive reports, metrics, and presentations for senior management and stakeholders.
- Identify opportunities for automation and process improvement to enhance the SOC's operational efficiency.
- Support the overall management and process improvements for SOC in accordance with company goals.
- Implement and manage automated workflows, scripts, and tools to streamline security operations and incident response.
- Maintain detailed and accurate documentation of security incidents, response actions, and lessons learned.
- Contribute to the development and enhancement of Standard Operational Procedure (SOP) documentation and security policies.
- Contribute to the hiring, mentoring, performance management and retention of staff.
- Follow up on team members' yearly goals.
- Conduct monthly, mid-year and annual reviews.
- Receive services for onboarded clients and ensure the team can deliver the support.
- Serve as backup for Security Operations Center analysts as needed.