
SOC Manager

Salary undisclosed




We are seeking a dynamic and experienced SOC Manager to lead the set-up and operation of a 24x7 Security Operations Center (SOC). The SOC Manager will be responsible for managing the detection, monitoring, and response to cyber threats in real time, ensuring the effective operation of the SOC and alignment with global cybersecurity frameworks and local regulatory requirements. The ideal candidate should have hands-on experience with Microsoft Sentinel and other SIEM tools, and a deep understanding of security frameworks such as NIST, MITRE ATT&CK, and the ISO 27000 series. In addition, the SOC Manager should have a solid understanding of Malaysian cybersecurity requirements from entities such as DNB, NACSA, and MCMC.

Key Responsibilities:

SOC Leadership & Operations:
- Build from scratch, establish, manage, and continuously improve a 24x7 Security Operations Center (SOC) for proactive monitoring, detection, and response to cybersecurity incidents and threats.
- Lead, supervise, and mentor a team of L1 and L2 SOC analysts, providing training and professional development to ensure operational excellence and adherence to best practices in incident handling and response.
- Oversee daily SOC operations, including threat monitoring, incident escalation, and triage, ensuring appropriate procedures are followed in line with internal and regulatory requirements.
- Develop, implement, and continuously improve SOC processes, playbooks, and standard operating procedures (SOPs) to ensure effective and timely incident detection and response.

Cybersecurity Monitoring & Incident Response:
- Implement and optimize Microsoft Sentinel and other SIEM tools (e.g., Splunk) for real-time threat detection and response.
- Drive the integration of advanced detection capabilities such as AI/ML-based tools and threat intelligence feeds into the SOC environment.
- Lead the investigation, analysis, and management of security incidents, ensuring timely and thorough responses in accordance with the organization’s incident response plan.
- Coordinate with internal teams to conduct root cause analysis of major security incidents and recommend corrective actions to prevent future occurrences.

Security Frameworks & Compliance:
- Ensure the SOC is aligned with key cybersecurity frameworks and standards, including NIST, MITRE ATT&CK, and the ISO 27000 series.
- Ensure SOC operations comply with cybersecurity regulations and guidelines set by entities such as DNB, NACSA, and MCMC.

Continuous Improvement & Threat Intelligence:
- Drive ongoing evaluation and enhancement of SOC capabilities to keep up with evolving cyber threats and emerging technologies.
- Maintain a strong network of threat intelligence sources and integrate threat intelligence into daily operations for proactive threat hunting and defense.
- Stay current on the latest cyber threats, vulnerabilities, and attack techniques to ensure the SOC remains at the forefront of cybersecurity defense.
- Implement and refine threat-hunting strategies and enhance detection mechanisms using both manual and automated processes.

Collaboration & Reporting:
- Serve as the primary point of contact for all SOC-related matters, providing regular updates on the SOC’s performance, incident metrics, and security posture to senior leadership.
- Work cross-functionally with IT, network security, and compliance teams to improve overall cybersecurity resilience.
- Produce reports and dashboards on SOC operations, threat intelligence, and incident response to be presented to stakeholders, including senior management and external auditors.

Key Requirements:

Education & Experience:
- Bachelor’s degree in IT/Cybersecurity, Computer Science, or a related field.
- At least 8 years of experience in cybersecurity operations or threat management, with 4+ years in a leadership or managerial role within a SOC environment.
- Hands-on experience with Microsoft Sentinel and other SIEM solutions (e.g., Splunk).
- Proven experience in building, managing, and optimizing a 24x7 SOC.
- In-depth knowledge and experience with cybersecurity frameworks such as NIST CSF, MITRE ATT&CK, and ISO 27001.
- Familiarity with Malaysian cybersecurity regulations from authorities such as DNB, NACSA, and MCMC, and experience ensuring SOC compliance with these regulations.

Technical Skills:
- Strong understanding of security tools and technologies, including SIEM platforms, EDR, XDR, IDS/IPS, firewalls, threat intelligence, and Attack Surface Management platforms.
- Solid experience with network security, endpoint security, cloud security, and incident detection and response.
- Hands-on experience in developing and maintaining security monitoring, detection, and response strategies using Microsoft Sentinel.
- Knowledge of threat intelligence platforms and integrating threat feeds into SOC operations.
- Familiarity with automation tools for incident response and playbook creation.

Soft Skills:
- Excellent leadership, management, and mentoring skills, with the ability to lead a high-performing team.
- Strong problem-solving and decision-making abilities, especially in high-pressure situations.
- Exceptional communication skills, capable of explaining complex security incidents and risks to non-technical stakeholders.
- Ability to work collaboratively with cross-functional teams, including IT, development, and compliance teams.

Certifications (Preferred):
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CISA (Certified Information Systems Auditor)
- CEH (Certified Ethical Hacker)