Are you a passionate Security Operations Leader?

General Manager, SOC

POSITION DESCRIPTION & REQUIREMENTS

Position Title

Practice Mgr. /GM Security Operations (SecOps)

Report to

Chief Operating Officer

Business Unit

Security Operations

Cost Centre

Cyber Audit Team

Employment Status

Full Time

Salary Range

TBA based on experience

Travel Requirements

As Required

Direct Reports

TBC

Closing Time

TBC

Authorised by

Managing Director


INTRODUCTION

Cyber Audit Team (CAT) is 100% focused on Cybersecurity & Information Security – in fact, it’s all we do.

Our Gold Coast based Head Office and Cyber Intelligence Centre (CIC) provides our clients with fully Managed Security Services via 24×7 cybersecurity monitoring services, threat intelligence, cyber analytics, threat hunting, dark web threat intelligence, cyber incident response and a number of other managed security services.

Our small, but rapidly growing team demonstrates impressive industry knowledge, leadership and experience traversing Military Intelligence, Law Enforcement, Threat Intelligence, Information Security, Cybersecurity, Managed Security Services, Data Protection & Privacy, Information, Communication & Technology, Governance, Risk & Compliance, Digital Forensics and Forensic Auditing.

CAT leverages industry recognised ‘best in class’ global partners and government agencies to deliver holistic end-to-end multi-disciplinary Managed Cybersecurity Solutions as a Managed Security Service Provider (MSSP) to SMEs. Our three-phase approach enhances a client’s Information Security/Cybersecurity resilience, preparedness, and posture, whilst mitigating notifiable data breaches and potential brand and reputational damage.

Working collaboratively with our clients, we offer insights and perspective on pivotal issues that impact risk across information technology, cybersecurity resilience, fraud protection and more. Through our initial client engagements (Cyber Resilience Assessments) we pivot to our Managed Cybersecurity Services, enabling us to work closely with our clients. We ensure compliance with both Australian privacy regulation (e.g. the Notifiable Data Breach Scheme) and industry information security requirements (e.g. PCI-DSS), whilst also protecting their businesses and digital assets from unauthorised access, theft, fraud or extortion.

Our services provide companies with a richer understanding of their current Cybersecurity posture, enabling them to make better operational decisions towards implementing appropriate and affordable solutions to protect their companies, their business data and their clients’ Personally Identifiable Information (PII), thus mitigating their corporate and brand risk.


OUR VISION

Our vision is to become Australia’s recognised and trusted Information Security / Cybersecurity thought leaders, delivering our clients the peace of mind that their businesses are operating in a safe, secure and compliant cybersecurity environment. We will achieve this through the delivery of independent, affordable, high-quality, innovative Information Security/Cybersecurity services and solutions.


ABOUT YOU

We’re looking for a dynamic and motivated candidate with strong experience in Cyber Incident Response (IR) and ideally a background in SOC analyst leadership / management roles and/or penetration testing and red teaming. Experience in developing previous SOCs, underpinned by experience with SIEM/SOAR, will be highly regarded and will enable the successful candidate to effectively lead a team of security professionals in high-pressure incident response and remediation engagements within the SecOps practice.

You are an experienced security professional with a proven ability to develop, support and mentor future level 1 and 2 security analysts within our SOC / Cyber Intelligence Centre (CIC) as an escalation point for incident handling. The successful candidate will be the lead across all client incidents, able to effectively prioritise and manage incidents, providing subject matter expertise to ensure a successful resolution. Through engagement and consultation, the Practice Mgr. / GM SecOps should maintain advanced knowledge of Threat Actors’ TTPs, together with emerging technologies in order to identify and internally promote other appropriate new product development areas within the marketplace.


ABOUT THE ROLE

The successful candidate will be responsible for overseeing the ongoing development of our Security Operations practice. Initially, you will be responsible for maturing the SOC / Cyber Intelligence Centre (CIC) practices for monitoring and responding to identified issues, so that we provide timely and effective support to our clients in mitigating and remediating a cyber incident and in identifying its cause and the impact it has had on their business.

You will work collaboratively with our clients to identify the most effective methods of mitigation and returning their organisation to normal operations as quickly and safely as possible. The successful candidate will have the opportunity to join a leading, Australian Information Security company with significant Australian and international growth opportunities. An attractive salary package will be negotiated with the successful candidate, commensurate with experience and qualifications.

Responsibilities will include (but are not limited to):

Initially
  • Liaising with vendors to set up and operate internal and client managed security environments
  • Supporting analysts in triaging security incidents/alerts so that response activities focus on priority events
  • Overseeing monitoring of client networks and endpoints for security events/alerts indicating active threats, intrusions and/or compromises
  • Monitoring and assessing emerging threats and vulnerabilities to the environment and ensuring those requiring action are addressed
  • Guiding analysis of security events from multiple sources, including but not limited to events from the Security Information and Event Management (SIEM) tool and Open Threat Exchanges
  • Analysing specific incidents from detection through to developing a containment strategy and executing subsequent remediation plans
  • Defining and implementing business rules for endpoint and network security systems, and correlation rules to identify security events of interest
  • Enhancing documented procedures for recording, assessing, analysing, communicating, rectifying, escalating and reporting security incidents
  • Producing detailed written reports outlining the circumstances around the event and adding further input into lessons identified
Rapidly
  • Developing a roadmap towards a 24/7 security operations and incident response capability
  • Monitoring, analysing, mitigating and triaging security events as part of a 24/7 rotating support team
  • Recruiting, mentoring and supporting level 1 and 2 CIC team members
  • Acting as the escalation point and incident manager for cybersecurity incidents identified through the level 1 and 2 CIC analyst teams or raised directly by a client
  • Providing crisis management guidance and directing incident investigation and containment activities


SELECTION CRITERIA

Knowledge & Experience


·      Minimum of 3-5 years of experience working within SOC environments or similar relevant experience

·      Previous experience of developing / implementing SOCs desirable

·      Demonstrable experience in leading cyber incident response engagements (either in-house or as a consultant)

·      Demonstrated experience in implementing and managing SIEM/SOAR technologies

·      A high-level understanding of data protection legislation such as EU GDPR and the Notifiable Data Breach (NDB) scheme


Education & Qualifications

·      Minimum of a Bachelor’s Degree in Computer Technology or Business highly advantageous to the role (MBA highly regarded)

·      Recognised security qualifications such as CISSP/CISM, GIAC, GCIH, GCDA etc. will be well regarded

Communication skills

·      Articulate and credible, with enhanced EQ (Emotional Intelligence) awareness

·      Excellent communication skills that translate into the ability to effectively handle high business impacting incidents

·      Demonstrable ability to develop, lead, mentor and engage a Security Team within a SOC environment

·      Ability to engage and influence at Board and CxO levels with investigative questioning techniques

Technical Skills

·      Strong working knowledge of a variety of security technologies (e.g., IDS / IPS, DLP, Firewall, Proxies, Anti-Virus)

·      Exposure to cloud technologies such as Azure/AWS etc.

·      An enhanced understanding of threat actor Tactics, Techniques and Procedures (TTPs), together with the cyber kill chain

·      An understanding of the current threat landscape, response, and mitigation strategies used in information security and cybersecurity (MITRE ATT&CK etc.)

·      An ability to provide technical analysis and direction for investigations

·      An understanding of networking protocols and infrastructure designs, including firewall functionality, routing, encryption, host- and network-based intrusion detection systems, load balancing and other network protocols

·      Ability to complete post-mortem analysis of network logs, traffic flows and other activities to identify malicious activity on a network

·      Ideally, you should also have the ability to analyse and reverse engineer various file types including providing dynamic and static analysis of malware artefacts and binaries as well as other malicious attack files

·      Penetration testing and red teaming skills highly desirable

Personal Qualities

·      Strong investigative and analytical problem-solving skills with an aptitude for automation

·      Dynamic and resilient team player, with a flexible and adaptable work approach, underpinned by honed organisational and time management skills

·      High levels of integrity with an ability to generate innovative ideas and solutions

·      Autonomous, self-motivated and results driven with excellent relationship management skills and a sense of urgency

·      Ability to maintain composure and work calmly under pressure

·      Ability to manage multiple tasks and schedules

·      Inherent passion for information security and service excellence

Mandatory Requirements

·      Australian citizen or have permanent residency status, or a visa permitting you to work in Australia permanently (must provide proof)

·      Willing to undergo extensive vetting process and background checks


WHAT YOU WILL LEARN

In addition to hands-on client experience, you will grow your career through our training curriculum that offers job-specific training and security certification support. You’ll learn from our security luminaries, receive personalised career coaching and leverage insights from global cyber labs and innovation centres. This will help you bring a front-line perspective to match the pace of intensifying security challenges brought on by the most ingenious attackers.


PROFESSIONAL DEVELOPMENT

The Chief Operating Officer conducts monthly performance meetings for all staff. During your appraisal you will collaboratively set / review your personal progress, key performance indicators and professional development plan, and identify any training needs.


CORE VALUES

Cyber Audit Team’s core values will be an important part of your role as Practice Mgr. / GM SecOps and will guide you in your internal and external relationships. These shared values influence: our professional ethics and practices; the way we work and interact with each other; the way we serve our clients; and how we engage our stakeholders.

Interested? Apply Below!
