Manage and lead the cluster in the MSSP consisting of multiple customers.
End-to-end responsibility to manage and resolve L3-level incidents, customer concerns, and SOC operations for customers.
Lead and mentor a team of MDR analysts, ensuring high levels of performance and collaboration.
Perform skills gap analysis and upskill team members wherever needed.
Coordinate day-to-day activities of the MDR team, including task assignments, escalation management, and incident response workflows.
Conduct regular team meetings, knowledge-sharing sessions, and training programs to improve team capabilities and efficiency.
Set performance goals, provide feedback, and conduct performance reviews for team members.
Oversee the monitoring and analysis of security events, alerts, and incidents from multiple security tools (e.g., SIEM, EDR, IDS/IPS).
Ensure accurate triage, investigation, containment, and escalation of security incidents as needed, and guide the team in resolving complex cases.
Perform threat modelling of client assets and accordingly define the necessary use cases.
Lead the response to high-priority security incidents, including coordinating containment, eradication, and recovery efforts.
Develop and implement processes for incident handling, root cause analysis, and lessons learned.
Continuously assess and optimize the MDR workflow, ensuring effective detection, investigation, and response capabilities.
Perform threat management and threat modelling, identify threat vectors, and develop use cases for security monitoring.
Analyse and review escalated cases until closure with the appropriate actions. This includes investigating and recommending or taking appropriate corrective actions for data security incidents, including communicating with the implementation staff.
Establish and maintain a mature incident management program.
Lead efforts in monitoring, reporting, and responding to information security incidents.
Based upon external threat indicators, industry trends, and lessons learned, the incident handler recommends controls and process improvements.
Be responsible for facilitating incident management team exercises and events.
Continuously fine-tune configuration, rules, policies, etc.
Continuously innovate and automate intuitive dashboards, reports, and queries.
Collaborate with internal stakeholders to refine detection rules, use cases, and response playbooks based on emerging threats and evolving business requirements.
Drive automation and orchestration improvements within the MDR environment to enhance response times and reduce manual effort.
Utilize threat intelligence sources to identify emerging threats, tactics, techniques, and procedures (TTPs), and integrate that intelligence into detection mechanisms.
Lead proactive threat hunting efforts, searching for signs of compromise within the environment before incidents escalate.
Stay up to date with the latest cybersecurity trends, threat actor techniques, vulnerabilities, and industry best practices.
Serve as the primary point of contact for escalation and communication regarding MDR incidents and activities.
Collaborate with other teams (e.g., SOC, Incident Response, IT, and Network Security) to ensure a holistic security approach.
Interface with senior management internally and on the client end.
Establish communications with appropriate team members and business units, providing status updates.
Provide regular updates and detailed incident reports to clients, internal stakeholders, and management.
Represent the MDR team in cross-functional meetings and contribute to strategic security initiatives.
Drive continuous improvement initiatives for both processes and technologies used in the MDR service offering.
Analyze post-incident reports, identify trends, and recommend actions to reduce the likelihood of future incidents.
Produce metrics and reporting for management to demonstrate MDR team performance, trends in security incidents, and effectiveness of detection and response efforts.