Description

Desired Competencies (Technical/Behavioral Competency)

Must-Have:

 Extensive demonstrable experience of managing, investigating, and responding to cyber incidents.

 Deep knowledge and understanding of coordinating cross-organizational responses to cyber security incidents.

 Strong leadership and exceptional communication skills, both written and verbal.

 Excellent interpersonal skills with the ability to engage and influence stakeholders at all levels.

 Focused and organised, with good attention to detail.

 Good understanding of adversarial techniques.

 Crisis management experience.

 Ability to rapidly absorb and understand complex technical situations under pressure.

 Ability to facilitate conversations with large groups of remote people.

 Ability to maintain calm during stressful situations.

 Ability to translate technical incidents into business terms.

 Working knowledge of SIEM architecture, XDR, Vulnerability Management, and Incident Response tooling.

 Strong understanding of Vulnerability Management processes and tools.

 Experience with Threat Intelligence platforms and the ability to analyse and interpret threat data.

 Strong report writing and communication skills.

 Understanding of crisis management, business continuity, and disaster recovery procedures.

 Ability to understand technical topics when working with technical teams, then explain and present them to management-level executives.

 Ability to handle multiple competing priorities in a fast-paced environment and drive high-priority tasks to a resolution.

 Relevant certifications such as CGIH, CISM, GCIH, GCFA.

 

Good-to-Have:

 Strong Cyber Incident Management background.

 Exceptional communication skills and experience dealing with senior leadership and technical stakeholders.

 Detailed technical knowledge of Vulnerability Management and Threat Intelligence as supporting capabilities is essential.

 

Statement of Work:

 Act as a trusted advisor and Cyber Incident subject matter expert guiding senior leadership to enable the management of business impacts and risk mitigation associated with a cyber incident or data breach.

 Lead and coordinate response to significant cyber incidents delivering effective and timely response measures through a coordinated and structured approach.

 Lead the development of cyber incident response containment plans and remediation strategies with the business; present strategic and tactical plans both orally and in written reports for key stakeholders and all involved third parties.

 Lead improvements in cyber incident response, incident management, incident investigation, and response principles and guidelines for incident management activities.

 Provide expertise in establishing the extent of a cyber attack and its business impacts, and lead remediation activities, coordinating with Incident Response and Threat Intelligence delivery teams to handle inquiries, briefings, and status reports in a variety of formats.

 Utilize detailed technical knowledge of Vulnerability Management to identify, assess, and prioritize vulnerabilities within the organization, ensuring that remediation efforts are effectively coordinated and tracked.

 Leverage Threat Intelligence to understand the evolving threat landscape, integrating this information into incident response strategies to enhance preparedness and response effectiveness.

 Produce technical and management reporting to demonstrate the effectiveness and value of the team's work.

 Create incident reports and keep incident status up to date through regular updates.

 Oversee all aspects of the incident management process from evaluation to resolution.

 Maintain daily communication with the wider Group Security Operations Team.

 Support the development of incident management playbooks and templates, and coordinate incident exercises.

 Provide written and verbal briefings to key stakeholders and senior leaders.

 Provide incident root cause analysis, with a view to identifying and influencing future prevention by maintaining the Incident knowledge base.

 Work with the Threat Intelligence Team to monitor intelligence sources to maintain situational awareness of the cyber threat landscape and incident trends.

Education

Any Graduate