Soc Lead

Summary

Join Rackspace Cyber Defence as a Security Lead for Security Operations, leading a multi-disciplinary SOC team serving our customers. You will manage a team of first responders, ensuring customer environments remain secure and threats are addressed promptly. This role requires extensive experience in SOC and security engineering, along with expertise in various security tools and technologies. You will be responsible for identifying critical assets, implementing security policies, utilizing threat intelligence, automating security processes, and providing comprehensive reporting and analysis. The ideal candidate is a self-starter with a proven track record in managing a SOC and a commitment to delivering exceptional customer service. This position offers the opportunity to work with cutting-edge technologies and contribute to a dynamic and growing team.

Requirements

• Have 14 years of experience in SOC and Security Eng
• Experience managing a team of Security Operations Engineers, or equivalent
• Experience working in large-scale, public cloud environments and using cloud-native security monitoring tools such as: Azure Security Centre and Sentinel, GCP Security Command Centre, Chronical, AWS Security Hub including AWS Guard Duty, AWS Macie, AWS Config, AWS Security Lake and AWS CloudTrail, Vulnerability Management: Qualys, Microsoft Defender, Endpoint Management: CrowdStrike and Microsoft Defender for Point
• Knowledge of security standards (good practice) such as NIST, ISO27001, CIS, OWASP and Cloud Controls Matrix (CCM) etc
• Experience with security controls, such as network access controls; identity, authentication and access management controls (IAAM); and intrusion detection and prevention controls
• Ability to analyze malware and email headers, and possess skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis
• Hold one, or more, of the following certificates (or equivalent): Certified Information Security Systems Professional (CISSP), Systems Security Certified Practitioner (SSCP), Certified Cloud Security Professional (CCSP), GIAC Certified Incident Handler (GCIH), GIAC Security Operations Certified (GSOC)

Responsibilities

• Manage a team of first responders, ensuring the Customer’s operational and production environment remains secure and any threats are raised and addressed promptly. This can include monitoring at both the network and application level
• Identify a customer’s critical assets using technical tools and interviews
• Use of, enhancement of, or implementation of new, relevant technology tooling to ensure a customer’s configuration and security policies are enforced
• Use of threat intelligence platforms such as OSINT, to understand the latest threats. Researching and analysing the latest threats to better understand an adversary’s tactics, techniques, and procedures (TTPs)
• Automate security processes and procedures to enhance and streamline monitoring capabilities
• Ensure any reported vulnerabilities are resolved within agreed SLA timeframes
• Maintain in-depth knowledge of each Rackspace customer’s environment
• Provide relevant reporting and analysis (including breach root cause analysis, if required) to customers, on an agreed frequency
• Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc
• May be required to work flexible working hours
• Handle and close critical incidents and conduct deep investigation and analysis of critical security incidents
• Produce post-breach forensic incident analysis reporting and conduct advanced threat hunting
• Assist with customer onboarding – loading of feeds, etc. to Sentinel
• Develop custom dashboards and reporting templates and develop complex to customer-specific use cases
• Perform advanced platform administration and provide solution recommendations for issues
• Coordinate with different teams for issue resolution

Preferred Qualifications

• Computer science, engineering or information technology related degree (although not a strict requirement)
• A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail
• A great analyser, trouble-shooter and problem solver who understands security operations, programming languages and security architecture
• Highly organized and detail oriented. Ability to prioritise, multitask and work under pressure
• An individual who shows a willingness to go above and beyond in delighting the customer
• A good communicator who can explain security concepts to both technical and nontechnical audiences