Security Operations Center (SOC) Manager
SECURITY OPERATIONS CENTER MANAGER
SailPoint's Cybersecurity organization is seeking a Security Operations Center Manager with a passion for cybersecurity and protecting the organization. This is an internal security analyst role on SailPoint's Security Operations team that will focus on detecting and preventing threats to the organization. The ideal candidate will be a team player and have a strong passion for protecting the organization against cyber threats.
The ideal candidate will demonstrate servant leadership with strong examples of success in a Security Operations Center , leading, and motivating teams in a fast paced environment. A candidate should show enthusiasm and excitement towards the 4 I's at SailPoint: Individual, Impact, Innovation, and Integrity. The right candidate will have proven success in transformational environments resulting in changes in the people, process, and technology.
This is a challenging and impactful role where you will have the opportunity to work with both internal and external stakeholders and be directly responsible for delivering a comprehensive Security Operations program. This role reports directly to the Senior Manager of Security Operations and can be remote or based in Austin, TX.
Responsibilities:
- Partner closely with Architecture/Engineering and Product Development to define and communicate functional requirements and technology performance feedback to mature the Security Operations technology stack.
- Responsible for event discovery and incident response activities.
- Collaborate among multiple business units during response activities and post-mortem.
- Manage recruitment, training, and development for Cybersecurity crew members.
- Responsible for the strategic direction and daily operations related to security operations.
- Establish standard operating procedures (SOP) for your L1, L2, and L3 Security Operation Center.
- Develop a workflow model and implement SOPs for the incident-handling process that guides analysts through triage and response procedures.
- Identify, track, and review relevant metrics to measure the efficiency and effectiveness of the IT Security program.
- Analyze data to form proposals for improvements (e.g. implementation of new technology).
- Provide continuous security monitoring metrics on a regular basis to departmental leadership, allowing for clear indications of the performance.
- Provide technical leadership, supervision, and guidance to operations shift leads and analysts.
- Serves as organizational point person for business-critical incidents.
- Manage recruitment, training, and development for resources.
- Mature and develop playbooks, ensuring response activities align with the incident response plan and provide comprehensive mitigation of threats.
- Be available for escalations after hours and on-call pager duty.
- Provide timely, comprehensive, and accurate information in both written and verbal communications.
- Understand and apply the "how," "when," "where," and "why" of a threat incident.
Requirements:
- Meet FedRAMP access requirements.
- 7+ years of work experience leading Information Security teams.
- Hold an "active" or "good standing" security- related certification such as the CISSP, CISA, CISM, GIAC or other relevant certification required
- Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
- Foster an innovative and inclusive team- oriented work environment. Play an active role in counseling and mentoring junior crew members within SailPoint.
- Demonstrate and apply a thorough understanding of complex enterprise systems. Use knowledge of the current IT environment and industry trends to identify issues. Communicate with team through written correspondence and verbal presentations.
- Ability to demonstrate analytical expertise, close attention to detail, critical thinking, logic, and solution orientation and to learn and adapt quickly
- Experience creating and maintaining a staffing strategy, efficient assignment/service management, and monthly metrics/reporting.
- Serve as a mentor and champion for resources within the team and across the organization.
- Demonstrated examples of complex decision-making, with an ability to weigh the relative costs and benefits of potential actions and a recommendation.
- Possess experience and successful results leveraging one or more of the following technologies:
- Network Security Monitoring (Palo Alto, Fidelis, NetWitness, Cisco, WireShark, Snort, Security Onion, etc.)
- Endpoint Detection and Response (Cortex XDR, Crowdstrike, Cylance, Carbon Black, etc.)
- SIEMs (Splunk, SumoLogic, Devo, InsightIDR, QRadar, etc.)
- Security Orchestration, Automation, and Response (Demisto/Cortex XSOAR, Phantom, Siemplify, etc.)
- Cloud Service Provider IaaS and PaaS (AWS, Azure or GCP)
- Service Management & Ticketing (Jira, ServiceNow, Zendesk or similar)
- Vulnerability Scanning (Tenable, Qualys, Nessus, Nexpose, etc.)
- Investigation and Research Tools (Virus Total, Shodan, etc.)
- Red Team Tools (MetaSploit, Mimikatz, Phantom Evasion, MSF Venom, Cobalt Strike, etc.)
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
Preferred:
- Bachelor's degree in Computer Science, IT Security, Information Systems, Engineering, or related field
- Certification aligned to the following:
- SANS/GIAC
- CompTIA
- ISACA
- Vendor Certifications
- Experience with compliance and regulatory frameworks such as FedRAMP, ISO27001, SOC2, SOX, GDPR.
- Experience in managing or leading a SOC or MSSP environment is a plus.
- Project Management training/certification preferred
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.