SOC Operation Team Lead

Posted: 10/May/2023 - Closing Date: 10/Jun/2023

Job Description

Reporting to the Head of the Cyber Threat Hunting Unit. As SOC Operation Team Lead, you will lead a team of SOC Operations staff to mature the detection engineering capabilities in Cyber Operations. You will be responsible for delivering on security monitoring requirements and maintaining the content catalogue for Cyber Operations. As a team lead, there is an emphasis on coaching and mentoring in this role; you will work to bring expertise to your team.

  • Phnom Penh (01 Post)

Duties and Responsibilities

  • Leads and supports the Security Analyst team, effectively driving team strategy, goals and performance objectives;
  • Establishes team and individual goals that support overall objectives, coaches, mentors, and provides career development guidance;
  • Strategic planning and leading the SOC Operation team to ensure effective delivery of results based on the cyber security roadmap and goals;
  • Collaborate with the Red Team to address security gaps and understand threat techniques, ensuring the effectiveness of detection and fine-tuning all necessary rules to detect threats;
  • Closely collaborate with the Threat and Vulnerability Team to ensure new techniques, threats, vulnerabilities and zero-days are proactively identified and prioritised for incident handling, and that detection is ready should any attack target the Bank;
  • Closely collaborate with the Cyber Assurance Team to ensure there are no audit findings;
  • Create detailed reports on the status of the SIEM, including metrics such as the number of logging sources, log collection rate, and server performance;
  • Handle project advancement and SIEM automation to improve SOC capabilities to detect both external and internal security threats and respond effectively in a timely manner while mitigating risk to the organization;
  • Develop, implement, and execute standard procedures for administration, content management, change management, and version/patch management;
  • Design, develop, and fine-tune SIEM correlation rules, both existing and new detection use cases, in response to new cyber threats or gaps in security detection;
  • Perform capacity planning, maintain SIEM platform stability and health, and provide regular communication;
  • Monitor system capacity to ensure that the platform does not encounter resource issues;
  • Diagnose and resolve incidents related to the platform;
  • Lead the development of enhanced detection capabilities mapped to the MITRE ATT&CK framework and other industry standards;
  • Collaborate with key stakeholders within the Bank, application owners and system owners to develop specific security alert use cases that address specific business needs.

Skills and Qualifications

  • Bachelor's degree in IT, Computer Science or other related fields;
  • At least 5 years of experience implementing and maintaining cyber security controls and incident response;
  • 2+ years of experience with SIEM and use case development;
  • Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing;
  • Solid experience in system administration, network security and web application architecture;
  • Excellent understanding of Cyber Security Operations, Incident Response processes;
  • Professional industry certifications such as SIEM, CySA+, CASP or CISM are desirable;
  • Strong problem-solving and analytical abilities; able to work under minimal supervision;
  • Detail-oriented;
  • Good verbal and written English communication skills to present to senior management;
  • Knowledge of information security terminology, controls, and practices.

How to apply

Interested and qualified applicants should submit an updated Cover Letter and CV stating the position applied for, with a current photo (4x6), through [email protected]