Position Summary
The SOC Assistant Manager plays a critical role in protecting the organization's digital assets through advanced security monitoring, threat detection, and data loss prevention. This position oversees day-to-day security operations, manages security incidents from detection through resolution, and ensures sensitive data is protected from unauthorized access or exfiltration. The role requires both technical expertise and leadership capabilities to guide security analysts and drive continuous improvement in security operations.
Core Responsibilities
Lead the team to monitor and analyze security events from SIEM platforms to identify potential threats, anomalies, and security incidents.
Lead incident response activities including detection, analysis, containment, eradication, and recovery of security incidents.
Perform real-time analysis of security alerts from multiple sources including IDS / IPS, EDR, firewalls, and network monitoring tools.
Perform log analysis and forensic investigation to determine the root cause of security incidents.
Create and maintain incident response playbooks and standard operating procedures for security operations.
Monitor and investigate alerts to detect unauthorized data access, transmission, or exfiltration attempts.
Analyze data movement patterns to identify insider threats, policy violations, and potential data breaches.
Define, implement, and tune data loss prevention (DLP) policies based on data classification levels, business requirements, and risk assessments.
Conduct investigations into suspected data leakage incidents and coordinate remediation actions.
Perform regular reviews of policy effectiveness and recommend improvements to reduce false positives.
Required Qualifications
Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field.
Minimum 8-10 years of relevant working experience.
Strong understanding of attack methodologies, threat actor tactics, and the MITRE ATT&CK framework.
Excellent analytical and problem-solving skills with ability to work under pressure during incidents.
Strong communication skills with ability to explain technical security concepts to non-technical stakeholders.
Proficiency with SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel, or ArcSight).
Experience with Endpoint Detection and Response (EDR) solutions such as CrowdStrike, Carbon Black, or SentinelOne.
Strong knowledge of network security tools including IDS / IPS, firewalls, and network traffic analysis.
Experience with threat intelligence platforms and integrating threat feeds into security operations.
Knowledge of security orchestration and automation tools (SOAR) for incident response workflows.
Experience with data loss prevention (DLP) policy creation, tuning, and exception management.
Strong understanding of network protocols (TCP / IP, DNS, HTTP / HTTPS, SMTP, FTP) and packet analysis.
Experience with Windows, Linux, and Unix operating systems and security configurations.
Understanding of malware analysis, digital forensics, and memory analysis techniques.
Clear and effective communication with both technical and business audiences.
Flexibility to respond to evolving threats and changing business requirements.
Commitment to staying current with emerging threats, attack techniques, and security technologies.
Assistant Manager • Kuala Lumpur, Kuala Lumpur, Malaysia