Main Purpose of the Role
The Security Operations Engineering Lead is responsible for managing and maintaining the Security Operations Centre technologies and infrastructure, and providing security technical/engineering support to Advanced and its customers. This role will also provide technical security consultancy to Advanced and its customers; support internal Advanced and customer projects; and provide security input to the design and architecture of Advanced solutions and services.
Main Duties and Responsibilities
As the Security Operations Engineering Lead you will:
- Implement, maintain, develop and improve SOC related infrastructure and technologies (SIEM, IDS/IPS, AV, WAF, NAC etc.).
- Lead the engineering element of the SOC Team and manage resources effectively.
- Mentor other members of the SOC Operations and Engineering Team.
- Ensure platform and technology stability.
- Ensure that the availability of the platforms exceeds contractual obligations.
- Assist in the development and design of SOC technology architectures and services.
- Provide security architecture support to the Advanced Professional Services Team.
- Provide technical security consultancy to Advanced’s internal and customer projects.
The ideal candidate will bring with them/be:
- An open and consultative style.
- An ability to adapt to change in fast-paced environments.
- Strong attention to detail.
- An understanding that technology is driven by business need.
- Able to challenge constructively.
- A completer / finisher.
- A strong sense of accountability.
- Inclusive in approach to team management.
- Confidence in own ability and decision making.
- Strong focus on facts and analysis to support decisions.
- Able to manage complex and large scale technical solutions.
- Able to manage their time effectively.
- Able to manage projects.
Knowledge and Experience
- Knowledge and hands-on experience in management of IDS/IPS, Firewalls, Anti-Virus solutions, WAFs, NAC, DLP, Vulnerability Assessment tools, VPN, and other security products.
- Experience with managing and maintaining Security Information Event Management (SIEM) tools, and supporting technologies.
- Knowledge and hands-on experience installing, configuring and fault finding SIEM solutions.
- Experience of the assessment and creation of SIEM correlation rules in order to implement GPG13 guidance.
- Security incident investigation and response.
- Experience designing and integrating SOC solutions for new and existing customers.
- Experience or ability to design / architect security solutions.
- Experience in providing technical security consultancy to projects and solutions architects.
- Should have expertise in TCP/IP network traffic and event log analysis.
- Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
- Ability to influence senior management.
- Strong analytical skills.
- Broad technical knowledge (applications & infrastructure).
- Strong written and verbal communications and presentation skills.
- Strong leadership and negotiation skills.
- Willingness to learn new technologies and ability to apply that learning.
- Cloud security experience.
- Red team experience.
Education / Qualifications
Preferably educated to Degree level or similar business based experience.
ISC2 and GIAC certifications are an advantage.