Dir. DDIT ISC CSOC Content Engineering

Major accountabilities:

• Talent and Growth.
• Manage and mentor associates and team leaders.
• Plan and implement technical and nontechnical development strategies for continuous development of CSOC analysts and leaders strategy and direction.
• Content engineering service involves planning, developing, testing, operationalizing, and tuning content for detection, investigation, and reporting from security platforms like SIEM, DLP, EDR, etc.
• Provide subject matter expertise, oversight, and feedback to optimize data onboarded into the SIEM.
• Content engineering service involves planning, developing, testing, operationalizing, and tuning content for detection, investigation, and reporting from security platforms like SIEM, DLP, EDR, etc.
• Provide subject matter expertise, oversight, and feedback to optimize data onboarded into the SIEM.
• Define and measure performance and effectiveness KPIs; develop and deliver timely reporting to CSOC stakeholders and senior leaders.
• Interface with other CSOC stakeholders to align on initiatives; proactively gather feedback; adjust and improve service continuously.
• Research new tools and techniques to improve overall CSOC ability to monitor, detect, and respond to cyber threats.
• Monitor health of content to detect outages, spikes, or other anomalies that may impact CSOC performance.

Key performance indicators:

• Review and evaluate SIEM team performance.
• Effectively and efficiently design and implement process automations, create supporting technical documentation and redundancy controls.
• Accurately troubleshoot to diagnose and resolve problems with process automations, case management issues, scripts, and other custom solutions that support CSOC operations.
• Identify technology and process gaps that affect CSOC services; develop solutions and make recommendations for continuous improvement.
• Good cultural orientation and strong influencer of information risk management, information security, IT security, to be embedded across IT, OT and Medical Technologies.

Minimum Requirements:
Experience:

• 10+ Years work experience.
• Strong Team Management skills.
• Good general security knowledge.
• Strong knowledge of security tools (DLP, XDR, SIEM, Firewalls).
• Experience in scripting and Automation for Security tools.
• Experience SIEM alert creation, SOAR playbook development.
• Experience in reporting to and communicating with senior level management (with and without IT background, with and without in-depth risk management background) on incident response topics.
• Strong written and verbal communication and presentation abilities, with the capacity to effectively convey information risk-related and incident response concepts to both technical and non-technical stakeholders.
• Exceptional interpersonal and collaborative skills, fostering effective communication and cooperation with diverse individuals and teams.
• Exceptional understanding and knowledge of general IT infrastructure technology and systems.
• Proven experience to initiate and manage projects that will affect CSOC services.

Skills:

• Understanding of SIEM architecture components, including technology integrations.
• Firsthand experience of Security tools like Splunk, Sentinel, XDR, DLP.
• Direct experience managing Data ingestion pipeline through Cribl.
• Understanding of security systems (such as AV, IPS, Proxy, FW).
• Security use-case design and development.
• Understanding of SOAR and Development experience in python (SDKs).
• An understanding of error messages and logs displayed by various software.
• Ability to troubleshoot, diagnose and solve issues independently.
• Self-learner, ability to document learning as experience is gained.
• Understanding of network protocols and topologies.
• Strong technical troubleshooting and analytical skills.
• A knowledge of the MITRE ATT&CK framework is beneficial.
• Ability to prioritise workload.
• Excellent written and spoken English.
• Team Management.
• Calm and logical approach.

Languages :

• English.