Description
The SOC Manager is responsible for all internal cyber security operations tasks and for the management of the Security Operations Center and its analyst staff. The manager provides direction to the analysts and acts as a liaison to other teams within SIE. This is a position for a self-motivated candidate.
The SOC is responsible for 24x7 security monitoring, triage and response across SIE globally. The Security Operations Center is the main point of contact for any suspected security incident. The SOC works together with the Incident Response team and other subject-matter experts on resolving incidents and remediating threats across SIE organizations, PlayStation Network, and PlayStation Studios.
Essential Duties and Responsibilities:
- Serve as team leader and mentor, defining and tracking goals and performance for SOC analysts.
- Ensure that Service Level Agreements are defined, tracked and met across SIE.
- Develop measurement capabilities and metrics to track and communicate performance, coverage and risk. Maintain awareness of trends in security regulatory, technology, and operational requirements.
- Mentor and guide SOC Lead and Analysts, perform knowledge transfer as required.
- Drive the expansion and growth of the SOC; drive evaluation and integration of new products.
- Ensure that Standard Operating Procedures are up-to-date and followed by the team.
- Seek opportunities to improve security monitoring and operational tasks.
- Evaluate existing SIEM rules, content, events and use cases and adapt to meet the business requirements.
- Work with outside teams on the development of a comprehensive set of operational security policies and standards that allow the organization to achieve its business objectives while meeting its security and compliance requirements, including PCI and SOX goals.
- Improve reporting and present to leadership on a regular basis.
- Ensure that reports via PlayStation's public bug bounty program are properly handled.
Required Experience, Skills and Knowledge:
- 3+ years managing a team. 5+ years working within the information security field, with emphasis on global (24x7) security operations, incident management and intrusion analysis.
- Solid understanding of general cybersecurity concepts. In-depth familiarity with security policies based on industry standards.
- Thorough knowledge of SIEM technologies, like Splunk ES; proficient with case management and ticketing systems.
- Demonstrated understanding of cyber attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs). Demonstrated hands-on experience analyzing high volumes of logs, network data and other attack artifacts.
- Demonstrated dedication to training, self-study and maintaining proficiency in the cyber security domain.
- Experience with automation development and implementation.
- Ability to lead and communicate efficiently across distributed and diverse teams.
- Experience with cloud environments such as AWS, Azure, GCP and proficient with cloud security services.
- Experience with Endpoint Security, Cloud Security, Network and Application Security.
Desired:
- Knowledge of and experience in Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM), PCI Security Standards.
- Bachelor of Science in Computer Science, Computer Engineering, Information Technology, Cyber Security, Intelligence studies or equivalent experience.
- Certifications such as SANS/GIAC GSOM, GSOC, GCIA, GCIH and others are a plus, but skill level carries more weight.