SOC Lead

Doorsturen
 
  • Vakgebied IT
  • Dienstverband Fulltime
  • Vacaturenummer VAC-10027339
  • Locatie Abcoude
  • Type overeenkomst Secondment via YER
  • Branche IT & Telecom

Over deze vacature

This role is part of Group IT Function and has a main responsibility for supporting Group IT Security with activities related to Security Operations Centre. This role will be accountable for the daily SOC Operations from supervision of L1/L2 analyst; lead, organize and control investigation, provides know how and expert advice of the escalated security events. The individual requires full coordination with the various team on the detected and escalated security events ensuring proper follow up until resolution. Act as the management point of contact for any incident and initiate actions in response to incidents.


Functie

  • Manage the security monitoring, detecting and analysis of events related to security, ensuring proactive and appropriate defence.
  • Lead the investigation and remediation of the existing threats arising from central event monitoring tools.
  • Participate on the Use Case Development supported by the SIEM and security tools.
  • Act as a point of escalation for detected security events within and outside the team.
  • Support the SOC Managers from designing and building an effective SOC. Including but not limited to developing new ideas on how to improve the security Operations, creates technical procedures, handling guidelines and playbooks.
  • Work with the global SOC on responding and resolving events generated by the SIEM.

Security Projects & Deployments

  • Drives the implementation of the central event monitoring tools.
  • Coordinates the implementation of the other projects when necessary. Lead the integration, deployment, and various testing.

Daily Operations

  • Ensure various tickets and escalated security issues are being handled in a timely manner
  • When needed, conduct forensic investigations, malware analysis, reverse engineering, advanced investigation utilizing various in-house and open-source security tools.
  • Prepares various reports and metrics as defined by the management.
  • Attends meeting and participate to various cyber exercises.

Bedrijf

Our client has grown into the world’s largest international health and beauty retailer, they strive to connect their international network of 12 retail brands to make the world a happier and healthier place together.

Aanbod

  • A strong market-based salary via YER, matching your education and experience;
  • Minimum 25 vacation days and 8% vacation allowance;
  • Hybrid works;
  • Travel allowance;
  • Good pension scheme;
  • Very fringe benefits;
  • 9 out of 10 YER professionals enter into permanent employment with the client after their hiring period via YER;

Profiel

Person Specification

  • Degree holder in Computer Science or related disciplines. GIAC Cyber Security Cert or CISSP qualification is a big plus.
  • 5+ years of experience in information security incident handling and SOC operations.
  • Experience supervising a medium-sized Security Team
  • Hands on Cyber security solution implementation and operation, especially in SIEM and various security tools.
  • Microsoft SC-200 Certification (Microsoft Security Operations Analyst) Strong problem-solving skills and fast learner.
  • Liaison skill & teamwork, passion & commitment mentality
  • Good interpersonal and communication skills.
  • Good command of written and spoken English


Technical Requirements

  • Solid support experiences on Splunk operations and project implementations including the integration of other enterprise security tools such as SOAR, EDR, Enterprise Anti-virus, Vulnerability Management, and other supporting tools.
  • Broad experience on Splunk systems maintenance and troubleshooting (Splunk components like Heavy Forwarders and Deployment Servers)
  • Experience working with scripting languages for Microsoft Suite (MDE, Sentinel)
  • Basic events handling experience in EDR (MS MDE), NDR (Vetra AI), MS Sentinel interface.
  • Experience analysing
  • Well experienced in security incident handling.
  • Broad knowledge of cyber security concepts including vulnerabilities, web and application security, access controls and secure architectures.
  • Experience in ITSM tools.
Doorsturen