Job Description
Primary Purpose
This role is an entry-level leadership position and requires technical expertise and experience in 24/7 SOC operations. The selected candidate will lead a team of motivated and eager Cybersecurity analysts who provide enterprise-wide event identification, triage and remediation. The team will also escalate to other teams as necessary. This candidate will help develop SOC processes, procedures and workflows. The candidate for this position should have a clear understanding of SOC operations and be ready to help develop automation and efficiencies and to implement best practices based on their knowledge and experience.
Duties and Responsibilities
- Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
- Work collaboratively with other cybersecurity teams and business units.
- Drive the implementation of emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
- Implement standards and procedures to ensure alerts are addressed with relevancy and accuracy and in a timely manner.
- Define protocols and mature 'playbooks' for operational response to cyber threats.
- Operate autonomously to further investigate and escalate in accordance with policies, procedures and defined processes.
- Provide teaching / mentoring to SOC I, II & III Analysts.
- Lead SOC analysts during incident response actions; advise and coordinate with leadership during active incidents.
- Identify, evaluate, develop and report SOC-related metrics via dashboards and/or reports.
- Manage shift schedules and lead SOC personnel.
- Develop, lead and present relevant Cybersecurity tabletop exercises to SOC staff and relevant stakeholder groups for the purpose of identifying process improvement opportunities.
- Perform other duties as assigned (no more than 5% of duties).
Qualifications
Education
- Associate's Degree in Information Technology, Cyber Security or Computer Science (Preferred)
Experience
- 2+ years' experience working within a Security Operations Center AND using SIEM technologies (Required)
- 2+ years' experience leading and developing others (Preferred)
- 5+ years in the general Cybersecurity field (Required)
Skills and Abilities
- Demonstrated ability to identify automation/orchestration opportunities and develop a plan to implement automation (Advanced)
- Strong leadership, problem solving and critical thinking skills; ability to prioritize and execute autonomously (Advanced)
- Ability to communicate effectively with all levels of staff, management and clients, both verbally and in writing (Advanced)
- Strong understanding of the latest security principles and protocols (Advanced)
- Strong understanding of security operations technologies including SIEM, endpoint tools and network-based logs (Advanced)
- Knowledge of emerging technologies and tactics used within a SOC, and how they are applied to improve efficiency and effectiveness (Advanced)
- Understanding of tactics, techniques and procedures associated with cyber threats, and the ability to develop relevant alerting, countermeasures and threat hunting techniques (Advanced)
- Scripting ability (PowerShell, Python) (Intermediate)
Licenses and Certifications
- Cybersecurity-related certification (SANS, EnCe, CEH, Penetration Testing) (Preferred)
Sempra Energy
101 Ash St
San Diego
California United States
www.sempra.com