
e& UAE

Use Case Lead


Job Description

Summary:

The Use Case Lead will be responsible for developing and maintaining detection use cases for the systems, applications and products monitored by the SOC. This role involves gathering business and security requirements, writing detailed use cases (what is detected, from which log sources, with what logic and response), and ensuring they align with business goals and the technical capabilities of the monitoring stack. The Use Case Lead will work closely with cross-functional teams to ensure each use case is implemented, tested and tuned.

Responsibilities:

  • Collaborate with SOC Managers and Security Engineers to contain and mitigate security incidents effectively.
  • Conduct in-depth analysis to identify potential threats and respond promptly to security incidents.
  • Work closely with SOC Analysts and Incident Managers to ensure a coordinated response to security events.
  • Implement security measures to protect the organization's computer systems, networks and data.
  • Apply standard best-practice processes and procedures to optimize operational efficiency.
  • Provide accurate, complete and timely shift handover reports.
  • Validate incidents escalated by SOC Analysts and identify false positives.
  • Provide technical support to SOC Analysts; responsible for advanced incident and problem handling of unclassified suspicious events originating from various sources.
  • Work within the Security Operations Center (SOC) to implement, configure and operate multi-vendor technologies such as firewalls, IPS, SIEM and anti-malware.
  • Develop vulnerability signatures and threat indicators, and implement monitoring and detection use cases across the various security solutions.
  • Perform detailed network traffic analysis.
  • Deliver accurate reports in a form that business stakeholders and customers can understand.
  • Build dashboards and actionable reporting and share them with the relevant teams.
  • Establish standards-based operational policies, processes and procedures.
  • Maintain the SOC operations lab.

Qualifications:

  • Bachelor's degree in Computer Science, Information Security or a related field.
  • Strong understanding of networking concepts, protocols and technologies (TCP/IP, DNS, DHCP, VPN, etc.).
  • High-level understanding of the TCP/IP protocol suite and the OSI seven-layer model.
  • High-level understanding of Transport Layer Security (TLS) protocols.
  • Experience with systems administration and in-depth knowledge of Windows and Unix operating systems.
  • Knowledge of common security threats, vulnerabilities and attack vectors, and the ability to recognize indicators of compromise (IoCs).
  • Exceptional analytical and problem-solving skills, with the ability to assess complex situations and make timely decisions under pressure.
  • Effective verbal and written communication skills, with the ability to convey technical information to non-technical stakeholders clearly and concisely.
  • Certifications such as IBM QRadar Specialist, Arbor DDoS Specialist, FireEye APT Specialist, Cyber Security Expert, Linux Systems Administration, CISSP, CCSP, GIAC Certified Incident Handler (GCIH) and Certified Ethical Hacker (CEH) are a plus.
  • Experience with many of the following security controls: firewalls, intrusion prevention systems, anti-malware, two-factor authentication, Security Information and Event Management (SIEM), SOAR, sandboxing, virtual private networks and firewall rule auditing.
  • Experience with the following vendor technologies/tools is a plus: Arbor Peakflow; Fortinet, Cisco and Palo Alto firewalls; Fortinet and Firepower IPS; Kaspersky anti-malware; FireEye and Fortinet sandboxing; RSA SecurID; Splunk and Sentinel.
  • Experience with host-based security (patching, hardening) and configuration management methodologies.
  • Familiarity with incident management methodologies (SANS, NIST, CERT, etc.).
  • Knowledge of security assessment tools (Nmap, Nessus, Metasploit, Netcat).
  • Knowledge of security best practices and concepts.
  • Strong commitment to continuous learning and professional development in the field of cybersecurity.
  • 7-10 years of experience in the information security field.

More Info

Industry:Other

Function:Information Security

Job Type:Permanent Job

Date Posted: 20/06/2024

Job ID: 82426601

Last Updated: 27-11-2024 06:03:40 PM