The Security Operations Manager is part of the Group Security team, reporting to the Group Director Security to support their cyber defence by providing initial incident response activities and oversight of the SOC team.
Responsibilities:
- Manage a team of engineers responsible for implementation and tuning of security operations tools.
- Lead incident response and initial triage for security incidents.
- Build, implement and manage effective cyber security risk detection processes and tools, including delivery of periodic reporting and completion of cyber security audits / tests
Lead technical response to cyber security incidents and threat
Develop content for cyber defence tools through developing requirements for the SIEM and determine tactics, techniques, and procedures (TTPs) for intrusion sets.
Build and lead a team of analysts and prioritise work to provide timely detection, identification, and alerting of possible attacks/intrusions
Build and sustain external threat intelligence partnerships
Document and escalate incidents that may cause ongoing and immediate impact to the environment
Lead and direct event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.