Jobs · Management

SOC Lead (Remote or Onsite)

Crane Company · Stamford, CT · 1 mo ago
ManagementFull-time

Core Function

This role will be responsible for performing and leading investigations and helping to implement and develop solutions supporting the incident response function. You must be experienced and excited about leading the daily work of security analysts in triaging incoming alerts, and you are adept at prioritizing response and effective remediation of threats.

In this capacity, you will be helping to define and implement processes and standard work for the global security operations function, including playbook development, building threat intelligence informed detections, and performing detailed investigations.

This is a very hands-on position; doing threat hunting, utilizing an advanced security stack for daily work, and ensuring team SLAs and performance is met and delivered.

Responsibilities

  • Ensure the timely identification, response, investigation, and remediation of all security events and incidents.
  • Lead daily work of security operations center team members and provide support to teams in other geographies and time zones as required.
  • Develop standard work and processes, build playbooks, and implement analysis logic supporting automation efforts using various techniques including scripting and coding within platforms, APIs and related technologies.
  • Enrich and implement additional detective capabilities to enhance or improve incident identification and response.
  • Using SOAR techniques, automate and integrate workflows between SIEM, various IR platforms, and other solutions and technologies.
  • Work closely with the broader global security team, supporting the analysis and tuning of the effectiveness of solutions, configurations and processes.
  • Work closely with Information Technology to identify risks and weaknesses as a component of our vulnerability management program.
  • Contribute to the broader program to ensure best practices are identified and integrated into our approach and methodologies.
  • Support the security infrastructure administration and operations function as required.
  • Ensure all security incidents for self and team are fully and accurately investigated with comprehensive and effective remediations clearly defined and communicated to stakeholders.

Qualifications And Competencies

  • Senior level experience in security operation center function supporting medium to large enterprises performing incident response.
  • Prior responsibilities performing triage, assignment, and closed-loop investigations for a team of SOC analysts and/or incident responders.
  • Proven results developing and implementing methods, processes, and procedures for detecting, responding, and resolving computer security incidents.
  • Deep understanding of present-day cyber-threats, attacker techniques and behaviors, and effective methods to both detect & repel these threats for a global organization with a distributed enterprise IT environment.
  • Prior experience using automation tools leveraging custom development, scripting, and solution platforms.
  • Prior experience writing tools to automate tasks and integrate various systems in Python, Powershell, and other scripting languages.
  • Experience with writing interfaces utilizing, JSON, XML, and REST APIs.
  • Experience performing data normalization, correlations, and visualizations.
  • Experience with supporting security technologies such as EDR, firewalls, proxies, web and email filters, application allow-listing, sandboxing, SIEM, threat intelligence, vulnerability scanning, syslog, IDS/IPS, DLP, etc.
  • Broad technology experience with enterprise-level IT technologies including networks, endpoints, virtualization, cloud, operating systems, email, storage, databases, etc.
  • Familiarity with relevant multi-national financial, privacy, and governmental regulatory requirements.
  • Highly motivated and self-directed with a passion for solving complex problems.
  • Excellent verbal and written communication skills.
  • Must be able to prioritize based on risk, schedule and track to deadlines for self and team members.
  • Able to cope well with pressure and make sound decisions in uncertain situations.
  • Flexibility to work outside regularly scheduled/normal business hours.
  • Ability to travel both domestically and internationally, with little notice (as required).

Required

  • 5 years relevant professional experience in Security Operations and Incident Response Management.
  • 2 years supervisory experience leading SOC/IR analysts.
  • Technical professional security certifications in Incident Response, Digital Forensics, or Malware Analysis, such as GCIH, GCFA, GNFA, GCTI or similar.

Desired

  • Degree in a related field.

Additional Information

US Person as defined under EAR PART 772 AND ITAR 120.15

Crane Company. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, sexual orientation, general identity, national origin, disability or veteran status.

Similar jobs

Technical Lead - Remote

YO IT ConsultingUnited States· 2 mo ago
RemoteEngineeringapply on yohrconsultancy.hiresome.ai

SOC Lead

Zachary Piper SolutionsManassas, VA· 3 days ago
OTHR$150k–$170k/yrapply on careers.zacharypiper.com

SOC Lead

Zachary Piper SolutionsManassas, VA· 1 wk ago
Management$160k–$170k/yrapply on careers.zacharypiper.com