Ensure all threats at customer environment are detected and notified in timely manner.
Ensure customer deliverables are being provided as per agreed service level agreements.
Understand customer requirements and translate these into service outputs.
Keep track of scope and scope deviations, scheduled and adhoc deliverables.
Work with platform administration function to ensure integration of new devices, ensure health of monitoring infrastructure.
Ensure threat scenarios and operating procedures are in line with best practices and customer expectations.
Strong analytical and technical skills in computer network defence operations
Incident Handling (Detection, Analysis, Triage)
Hunting (anomalous pattern detection and content management).
Prior experience of investigating security events.
Should be able to distinguish incidents as opposed to non-incidents.
Working knowledge of
-operating systems
-network technologies (firewall, proxy, DNS, Netflow)
-Active Directory
-Network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS, etc.)
-Common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
Identify Gaps and Proactively fix what is Committed vs Delivered:
-Monitoring log sources as per scope are very crucial to SOC operations. SOC Lead should ensure governance and validity of in-scope/out-of-scope log sources.
-Ensure that each log source has use cases, hunting models, and no threat detection aspect is getting missed.
-Gap analysis based on customer domain / business applications / technology deployed etc:
SPOC: Response to client problems/requirements:
-First response to the customer queries and complete ownership till query is addressed.
-Log source integration/decommission etc.
-coordinating with other internal units within Atos for timely response to client.
Show value/benefits of the delivery (MDR) during MIS/QBR meetings
-Timely closure of operational tasks
-Articulate SOC value add, proactive threat detection, new feature releases, etc. in MIS/QBR meetings.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to .
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: .
Required Skills & Experience
Minimum 9-year total SOC experience with minimum 5+ years in a Delivery Manager role
Proficient experience in Splunk and CrowdStrike
Wide range of cybersecurity tools and knowledge
Have minimum 5 years experience in client facing roles.
Good understanding of SIEM SOC concepts and operations
Clear technical and operational understanding of areas worked in
Good verbal & written communication skills
One Certification Preferred CCNA or CEH, CISSP
Nice to Have Skills & Experience
Engineering graduate preferably B.E. /B tech in I.T of Computer Engineering
Certifications: CCNA or CEH
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.