Senior Manager, Security Operations Center
Bloom Energy · San Jose, CA · 2 wk ago
Information Technology$179k–$257k/yrFull-time
Responsibilities
- Oversee 24/7/365 SOC operations
- Lead a team of cybersecurity analysts performing detection, triage, escalation, monitoring, and ensure effective coordination of all incident response activities
- Own all the administration, fine tuning, and optimization of all SOC tools engineering efforts including timely and accurate analysis of alerts - SIEM, SOAR, EUBA, Threat Intelligence, Data pipelines, Security Data Lake, and NDR
- Lead transformation of existing SOC to AI-powered SOC
- Develop detailed incident response playbooks, implement 24x7x365 monitoring and reporting procedures, and provide regular situational awareness updates to senior management
- Manage day-to-day SOC operations, staffing all shifts, ensuring continuous monitoring of Bloom Energy networks and systems for security events and anomalies
- Lead SOC analysts performing event detection, triage, escalation, and coordination with incident response teams
- Develop, implement, and maintain SOC standard operating procedures (SOPs), playbooks, and escalation protocols
- Ensure timely and accurate analysis of alerts from SIEM, EDR, and network monitoring tools such as NDR
- Cook up coordination with cybersecurity, IT operations, NOC, GRC, and Risk Management teams to ensure an integrated defense posture and rapid response to incidents
- Oversee SOC training programs, ensuring analyst proficiency in threat detection, correlation, and response processes
- Oversee proper hand-off process between different shifts
- Rigorously conduct root-cause and trend analysis on incidents to identify systemic vulnerabilities and areas for improvement
- Prepare and regularly report SOC related metrics, KPIs, KRIs
- Prepare daily, weekly, monthly, and quarterly operational reports and briefings for senior management
- Advise leadership on emerging threats, attack trends, and SOC performance metrics
- Drive continuous improvement of monitoring coverage, use cases, and automation within SOC tools and workflows
Requirements
- Bachelor's degree cybersecurity, information systems, or a related technical field and/or 12-15 years of experience in cybersecurity domain including security operations, analysis, and/or incident response
- 5+ years managing Security Operations team
- Experience with SOC tools such as SIEM, SOAR, IDS/IPS, EDR, NDR, Threat Intelligence and Incident Response
- Proven ability to coordinate cross-functional teams during incident response and recovery
- Familiarity with tools such as Splunk, Recoded Future, Elastic, Tenable, and SOAR platforms
- Knowledge of MITRE ATT&CK, and NIST 800-61 (Computer Security Incident Handling Guide)
- Experience implementing SOC metrics, KPIs, and automation strategies
- Leadership, communication, and presentation skills, with the ability to brief senior leadership team