We are seeking a dynamic and experienced SOC Manager to lead the set-up and operation of a 24x7 Security Operations Center (SOC). The SOC Manager will be responsible for managing the detection, monitoring, and response to cyber threats in real-time, ensuring the effective operation of the SOC and alignment with global cybersecurity frameworks and local regulatory requirements. The ideal candidate should have hands-on experience with Microsoft Sentinel, other SIEM tools, and a deep understanding of security frameworks like NIST, MITRE ATT&CK, and the ISO 27000 series. In addition, the SOC Manager should have a solid understanding of Malaysian cybersecurity requirements from entities such as DNB, NACSA, and MCMC.
Key Responsibilities:
SOC Leadership & Operations:
- Build from scratch, establish, manage, and continuously improve a 24x7 Security Operations Center (SOC) for proactive monitoring, detection, and response to cybersecurity incidents and threats.
- Lead, supervise, and mentor a team of L1 & L2 SOC analysts, providing training and professional development to ensure operational excellence and adherence to best practices in incident handling and response.
- Oversee daily SOC operations, including threat monitoring, incident escalation, and triage, ensuring appropriate procedures are followed in line with internal and regulatory requirements.
- Develop, implement, and continuously improve SOC processes, playbooks, and standard operating procedures (SOPs) to ensure effective and timely incident detection and response.
Cybersecurity Monitoring & Incident Response:
- Implement and optimize Microsoft Sentinel and other SIEM tools (e.g., Splunk) for real-time threat detection and response.
- Drive the integration of advanced detection capabilities such as AI/ML-based tools and threat intelligence feeds into the SOC environment.
- Lead the investigation, analysis, and management of security incidents, ensuring timely and thorough responses in accordance with the organization's incident response plan.
- Coordinate with internal teams to conduct root cause analysis of major security incidents and recommend corrective actions to prevent future occurrences.
Security Frameworks & Compliance:
- Ensure the SOC is aligned with key cybersecurity frameworks and standards, including NIST, MITRE ATT&CK, and the ISO 27000 series.
- Ensure SOC operations comply with cybersecurity regulations and guidelines set by entities such as DNB, NACSA, and MCMC.
Continuous Improvement & Threat Intelligence:
- Drive ongoing evaluation and enhancement of SOC capabilities to keep up with evolving cyber threats and emerging technologies.
- Maintain a strong network of threat intelligence sources and integrate threat intelligence into daily operations for proactive threat hunting and defense.
- Stay current on the latest cyber threats, vulnerabilities, and attack techniques to ensure the SOC remains at the forefront of cybersecurity defense.
- Implement and refine threat-hunting strategies and enhance detection mechanisms using both manual and automated processes.
Collaboration & Reporting:
- Serve as the primary point of contact for all SOC-related matters, providing regular updates on the SOC's performance, incident metrics, and security posture to senior leadership.
- Work cross-functionally with IT, network security, and compliance teams to improve overall cybersecurity resilience.
- Produce reports and dashboards on SOC operations, threat intelligence, and incident response to be presented to stakeholders, including senior management and external auditors.
Key Requirements:
Education & Experience:
- Bachelor's degree in IT/Cybersecurity, Computer Science, or a related field.
- At least 8 years of experience in cybersecurity operations or threat management, with 4+ years in a leadership or managerial role within a SOC environment.
- Hands-on experience with Microsoft Sentinel and other SIEM solutions (e.g., Splunk).
- Proven experience in building, managing, and optimizing a 24x7 SOC.
- In-depth knowledge and experience with cybersecurity frameworks such as NIST CSF, MITRE ATT&CK, and ISO 27001.
- Familiarity with Malaysian cybersecurity regulations from authorities such as DNB, NACSA, and MCMC, and experience ensuring SOC compliance with these regulations.
Technical Skills:
- Strong understanding of security tools and technologies, including SIEM platforms, EDR, XDR, IDS/IPS, firewalls, threat intelligence, and Attack Surface Management platforms.
- Solid experience with network security, endpoint security, cloud security, and incident detection and response.
- Hands-on experience in developing and maintaining security monitoring, detection, and response strategies using Microsoft Sentinel.
- Knowledge of threat intelligence platforms and integrating threat feeds into SOC operations.
- Familiarity with automation tools for incident response and playbook creation.
Soft Skills:
- Excellent leadership, management, and mentoring skills, with the ability to lead a high-performing team.
- Strong problem-solving and decision-making abilities, especially in high-pressure situations.
- Exceptional communication skills, capable of explaining complex security incidents and risks to non-technical stakeholders.
- Ability to work collaboratively with cross-functional teams, including IT, development, and compliance teams.
Certifications (Preferred):
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CISA (Certified Information Systems Auditor)
- CEH (Certified Ethical Hacker)