CA

Deputy Manager

CareerNet Technologies Private Limited
Mumbai | 5-8 LPA | Posted 19 Jun 2025
FULL TIME
Splunk
Arcsight
Qradar
Scripting Languages
Python

Job Description

Roles and Responsibilities:

  • Lead the development and optimization of advanced security content, including correlation rules, alerts, and playbooks, to improve threat detection and response capabilities within the SOC environment.
  • Conduct in-depth analysis of security events, logs, and alerts to identify patterns, trends, and potential indicators of compromise (IOCs), and translate findings into actionable detection and response rules.
  • Evaluate and tune existing detection rules, signatures, and policies in security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and other security tools to optimize detection accuracy and minimize false positives.
  • Lead strategic initiatives to enhance SOC capabilities, such as implementing new technologies, developing innovative detection methods, and improving operational processes.
  • Provide expertise and guidance on the selection, deployment, and configuration of security technologies to support SOC content requirements, including SIEM platforms, threat intelligence feeds, and log management solutions.
  • Mentor and train junior SOC analysts on content management best practices, methodologies, and tools, and provide technical assistance and support as needed.
  • Contribute to the development and maintenance of standard operating procedures (SOPs), guidelines, and documentation related to SOC content management processes and procedures.
  • Participate in incident response activities, including incident analysis, containment, eradication, and recovery, and provide support and guidance to SOC analysts during security incidents.
  • Stay current with industry trends, emerging threats, and best practices in security content management, and incorporate this knowledge into SOC operations and strategic initiatives.
  • Experience integrating unsupported devices and developing parsers for their logs.

Skills Required:

  • Excellent analytical and problem-solving skills, with the ability to analyze complex security incidents and identify actionable insights.
  • Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams and stakeholders.
  • Extensive experience with security technologies, including SIEM platforms (e.g., Splunk, QRadar, ArcSight), IDS/IPS, endpoint detection and response (EDR), and network security monitoring (NSM) tools.
  • Proficiency in writing and implementing advanced detection and response rules using query languages (e.g., SPL, YARA, Snort) and scripting languages (e.g., Python).
  • Candidates must have an understanding of UEBA and AI/ML-based use cases.
  • Understanding of MITRE ATT&CK, the NIST cyber incident response framework, and the cyber kill chain.