Security Operations Center (SOC) Manager
The Security Operations Center (SOC) Manager is a pivotal leadership role responsible for managing the entire lifecycle of security operations within an organization leveraging a Microsoft Security XDR (Extended Detection and Response) environment, including Microsoft Sentinel as the SIEM (Security Information and Event Management) solution. This position requires a hands-on leader who can strategize, operationalize, and optimize security operations to safeguard the organization’s digital infrastructure. Responsibilities 1. Leadership and Strategy • Develop and execute the SOC strategy, aligning it with the organization's overarching cybersecurity goals. • Lead a team of analysts, engineers, and incident responders, fostering a culture of continuous improvement, collaboration, and excellence. • Act as the primary point of contact for security escalations and effectively communicate risks and recommendations to executive stakeholders. • Identify and implement key performance indicators (KPIs) and metrics to measure SOC efficiency and effectiveness. 2. Microsoft Security XDR Environment Management • Oversee the deployment, configuration, and optimization of Microsoft Security XDR solutions, including Microsoft Defender for Endpoint, Office 365, Identity, and Cloud Apps. • Ensure that XDR tools are integrated, fine-tuned, and aligned with the organization’s threat detection and response strategies. • Collaborate with IT and cloud teams to ensure seamless integration and coverage across hybrid environments. 3. SIEM Operations with Microsoft Sentinel • Manage and optimize the Microsoft Sentinel SIEM platform for log collection, correlation, and advanced analytics. • Design and maintain Sentinel playbooks, queries, and custom rules to enhance threat detection capabilities. • Monitor and manage Sentinel’s integration with data sources such as Azure, AWS, on-premises networks, and third-party tools. • Continuously improve the SIEM’s capabilities by onboarding new log sources and refining detection methodologies. 4. Threat Detection and Incident Response • Lead the SOC in monitoring, detecting, investigating, and responding to security incidents using Microsoft Security tools. • Ensure timely detection of threats, including APTs (Advanced Persistent Threats), ransomware, insider threats, and zero-day vulnerabilities. • Develop and execute incident response plans, ensuring minimal downtime and risk to organizational assets. • Coordinate post-incident reviews to identify gaps and lessons learned, driving enhanced processes and tools. 5. Compliance and Reporting • Ensure the SOC adheres to industry standards and regulatory requirements, such as ISO 27001, GDPR, and NIST. • Prepare and present actionable reports on the organization's security posture, incident trends, and SOC performance to stakeholders. • Support audits and compliance initiatives by providing accurate and timely security data. 6. Continuous Improvement • Stay updated on the latest security trends, tools, and threats, particularly in the Microsoft ecosystem. • Drive the innovation and adoption of advanced analytics, machine learning, and automation within the SOC. • Regularly assess and enhance SOC processes, tools, and procedures to align with evolving threats. Required Skills and Experience • Proven experience (5+ years) managing or leading a SOC, preferably within a Microsoft Security environment. • Deep understanding of Microsoft Security XDR solutions, including Defender for Endpoint, Microsoft Sentinel, and related tools. • Hands-on experience with SIEM platforms, specifically Microsoft Sentinel, including KQL (Kusto Query Language). • Strong knowledge of cybersecurity frameworks such as MITRE ATT&CK, NIST CSF, and CIS Controls. • Comprehensive understanding of cloud security, especially within Microsoft Azure environments. • Demonstrated ability to lead diverse teams and manage high-pressure situations, such as security incidents. Preferred Certifications • Microsoft Certified: Security Operations Analyst Associate • Microsoft Certified: Azure Security Engineer Associate • GIAC Certification(s) • ISC2 Certification(s) • Proven experience (5+ years) managing or leading a SOC, preferably within a Microsoft Security environment. • Remote work, day shift schedule and the role is based in the Philippines
United States Equal Opportunity Employment:
First Advantage is proud to be a global leader in removing barriers and supporting our community members to ensure the changing demographics of the workforce are reflected in our hiring and employment practices. We value all of our candidates, employees, and clients, and place great emphasis on hiring and supporting qualified individuals in each role. We are an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, genetic information, or any other area protected by applicable law.
About the job
Apply for this position
Security Operations Center (SOC) Manager
The Security Operations Center (SOC) Manager is a pivotal leadership role responsible for managing the entire lifecycle of security operations within an organization leveraging a Microsoft Security XDR (Extended Detection and Response) environment, including Microsoft Sentinel as the SIEM (Security Information and Event Management) solution. This position requires a hands-on leader who can strategize, operationalize, and optimize security operations to safeguard the organization’s digital infrastructure. Responsibilities 1. Leadership and Strategy • Develop and execute the SOC strategy, aligning it with the organization's overarching cybersecurity goals. • Lead a team of analysts, engineers, and incident responders, fostering a culture of continuous improvement, collaboration, and excellence. • Act as the primary point of contact for security escalations and effectively communicate risks and recommendations to executive stakeholders. • Identify and implement key performance indicators (KPIs) and metrics to measure SOC efficiency and effectiveness. 2. Microsoft Security XDR Environment Management • Oversee the deployment, configuration, and optimization of Microsoft Security XDR solutions, including Microsoft Defender for Endpoint, Office 365, Identity, and Cloud Apps. • Ensure that XDR tools are integrated, fine-tuned, and aligned with the organization’s threat detection and response strategies. • Collaborate with IT and cloud teams to ensure seamless integration and coverage across hybrid environments. 3. SIEM Operations with Microsoft Sentinel • Manage and optimize the Microsoft Sentinel SIEM platform for log collection, correlation, and advanced analytics. • Design and maintain Sentinel playbooks, queries, and custom rules to enhance threat detection capabilities. • Monitor and manage Sentinel’s integration with data sources such as Azure, AWS, on-premises networks, and third-party tools. • Continuously improve the SIEM’s capabilities by onboarding new log sources and refining detection methodologies. 4. Threat Detection and Incident Response • Lead the SOC in monitoring, detecting, investigating, and responding to security incidents using Microsoft Security tools. • Ensure timely detection of threats, including APTs (Advanced Persistent Threats), ransomware, insider threats, and zero-day vulnerabilities. • Develop and execute incident response plans, ensuring minimal downtime and risk to organizational assets. • Coordinate post-incident reviews to identify gaps and lessons learned, driving enhanced processes and tools. 5. Compliance and Reporting • Ensure the SOC adheres to industry standards and regulatory requirements, such as ISO 27001, GDPR, and NIST. • Prepare and present actionable reports on the organization's security posture, incident trends, and SOC performance to stakeholders. • Support audits and compliance initiatives by providing accurate and timely security data. 6. Continuous Improvement • Stay updated on the latest security trends, tools, and threats, particularly in the Microsoft ecosystem. • Drive the innovation and adoption of advanced analytics, machine learning, and automation within the SOC. • Regularly assess and enhance SOC processes, tools, and procedures to align with evolving threats. Required Skills and Experience • Proven experience (5+ years) managing or leading a SOC, preferably within a Microsoft Security environment. • Deep understanding of Microsoft Security XDR solutions, including Defender for Endpoint, Microsoft Sentinel, and related tools. • Hands-on experience with SIEM platforms, specifically Microsoft Sentinel, including KQL (Kusto Query Language). • Strong knowledge of cybersecurity frameworks such as MITRE ATT&CK, NIST CSF, and CIS Controls. • Comprehensive understanding of cloud security, especially within Microsoft Azure environments. • Demonstrated ability to lead diverse teams and manage high-pressure situations, such as security incidents. Preferred Certifications • Microsoft Certified: Security Operations Analyst Associate • Microsoft Certified: Azure Security Engineer Associate • GIAC Certification(s) • ISC2 Certification(s) • Proven experience (5+ years) managing or leading a SOC, preferably within a Microsoft Security environment. • Remote work, day shift schedule and the role is based in the Philippines
United States Equal Opportunity Employment:
First Advantage is proud to be a global leader in removing barriers and supporting our community members to ensure the changing demographics of the workforce are reflected in our hiring and employment practices. We value all of our candidates, employees, and clients, and place great emphasis on hiring and supporting qualified individuals in each role. We are an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, genetic information, or any other area protected by applicable law.