Manager - Cyber Operations | On-site, Bangalore
Location
Bangalore | India
Job description
A Cribl Manager is responsible for the design, implementation, and operational success of a Cribl team within Optiv Managed Security Services. This includes managing the people, processes, and technologies required to deliver an efficient and effective Cribl service while supporting multiple clients across several technologies. The manager is responsible for driving consistent progress on service initiatives, communicating outcomes, and ensuring the optimal use of Cribl team resources.
The successful candidate will possess deep technical knowledge of several security technologies, including cloud platforms (e.g. AWS, GCP, Azure), have a solid understanding of information security and networking, and have extensive experience interacting with customers. The candidate is responsible for delivering client-specific SIEM solutions and their required data pipelines. This individual will be responsible for the creation of procedures, implementation of processes and development of staff for managing and maintaining security systems across internal and client environments. The Cribl Technical Manager will work closely with Management, Solution Architects, Senior Security Engineers from other internal teams and clients to complete high-profile, critical services for existing Managed Security Service clients. This position also serves as an escalation point for critical and complex client issues, performs configuration and testing of products, assists with developing and documenting work processes and trains other members of the team.
How you'll make an impact
- Lead the Cribl team and Security Operations Center by prioritizing clients' work requests, projects, and service tasks.
- Create reports, dashboards, and metrics for SOC operations and present them to senior management.
- Develop communication channels with technology owners and the business to evangelize the evolving threat landscape.
- Ensure SLA compliance, process adherence and process improvement to achieve operational objectives.
- Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.
- Evaluate existing technical capabilities and systems and identify opportunities for improvement.
- Oversee training and exercises to ensure SOC team proficiency, conduct after action reviews to identify lessons learned and best practices.
- Regularly review standard operating procedures and protocols to ensure SOC continues to effectively meet operational requirements.
- Responsible for team & vendor management, overall use of resources and initiation of corrective action where required for Security Operations Center.
- Review policies and highlight the challenges in managing SLAs.
- Revise and develop processes to strengthen the current Security Operations Framework.
- Routinely engage with cross-functional teams to evaluate the SOC's ability to meet stakeholder needs.
- Act as a point of escalation for Junior SIEM Engineers, as well as provide them with guidance and mentorship.
- Add/remove log sources. Troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.
- Analyze and identify areas of improvement in existing processes, procedures and documentation.
- Assist client activation and onboarding.
- Assist in team development by defining strategies and responsibilities to be successful and grow.
- Configure backups, verify custom reports, manage log source groups, and validate log sources with the client.
- Create custom documentation for internal and external needs.
- Create custom rules/rule modifications and custom reports/ report modifications as needed.
- Create innovative solutions to automate and reduce timeframes for operational changes as well as the initial installation of the platform.
- Develop internal training methods to support Managed Services and their clients.
- Explain and demonstrate how to use SIEM products to both technical and relatively non-technical personnel and be able to showcase our data onboarding strategies internally.
- Interact appropriately and professionally with both customers and partners, when required.
- Manage Cribl user accounts (create, delete, modify, etc.).
- Manage product enhancement/feature requests with vendors as needed.
- Perform formal Architectural Review.
- Perform formal Health Check and administrative password change.
- Perform software upgrades, updates, and patches as needed.
- Perform technical account management duties for specific top-tier, strategic clients.
- Provide remote consulting services via interactive client sessions to assist with implementation of multiple product vendors and technologies.
- Responsible for major data pipeline client environmental changes including upgrades.
- Responsible for mentoring and training of Cribl Engineer II employees.
- Responsible for testing and configuring new products and technologies.
- Review and apply any newly available and applicable SIEM and/or appliance/virtual appliance software or policy updates monthly.
- Subject matter expert for onboarding data to multiple SIEM products for existing and new clients.
- Work closely with Management, Service Delivery and Principal Engineers in defining processes and procedures for internal projects.
What we're looking for
- Strong leadership experience in a fast-paced, complex IT environment; the ability to lead, influence and collaborate with remote team members; and a proven delivery, remediation, and incident response background.
- Bachelor's Degree in Information Technology, Information Security/Assurance, Engineering or related field of study or at least 8 years of related experience and/or training or equivalent combination of education and experience preferred.
- Minimum 5 years Managed Security Services or Information Security experience required.
- Minimum 5 years of SIEM administration, configuration and management required.
- Minimum 3 years of Cribl administration.
- Security+, CISSP, GCIH, GCIA, GPEN, CEH and/or other industry certifications preferred.
- Cribl Certified Observability Admin highly preferred, or willingness to obtain it in the near future.
- Experience and understanding of cloud technologies to include AWS, Google Cloud Platform, and/or Azure.
- Excellent written and verbal communication skills required.
- Solid understanding of Information Security and Networking required.
- Outstanding time management and organizational skills required.
- Ability to operate standard office tools, specifically: Internet, e-mail and MS Office products, with advanced knowledge of Excel and sound knowledge of PowerPoint required.
- Ability to work nights or weekends as required.
- Demonstrated understanding of Information Security regulations, frameworks, requirements etc. and how to map a client's security needs to a SIEM solution required.
- Security and/or networking familiarity or understanding in the following preferred:
  - Command line interfaces
  - Knowledge of Linux and Windows operating systems
  - Familiarity with DevOps
- Keen ability to diagnose and troubleshoot technical issues; excellent problem-solving skills.
- Experience working with internal and client ticketing and knowledge base systems (e.g. Jira, Confluence) for incident and problem tracking as well as procedures.
If you are seeking a culture that supports growth, fosters success, and moves the industry forward, find your place at Optiv! As a market-leading provider of cyber security solutions, Optiv has the most comprehensive ecosystem of security products and partners to deliver unparalleled services. Our rich and successful history with our clients is based on trust, serving more than 12,000 clients of varying sizes and industries, including commercial, government, and education. We have the proven expertise to plan, build, and run successful security programs across Risk Management, Cyber Digital Transformation, Threat Management, Security Operations - Managed Services, and Identity and Data Management.
With Optiv you can expect
- A company committed to championing Diversity, Equality, and Inclusion through our Affinity groups, including the Black Employee Network, Disabled Employee Network, Latino Employee Network, Optiv Pride (LGBTQIA+), Veterans Support Network, and Women's Network.
- Work/life balance.
- Professional training resources.
- Creative problem-solving and the ability to tackle unique, complex projects.
- Volunteer opportunities. Optiv Chips In encourages employees to volunteer and engage with their teams and communities.
- The ability and technology necessary to productively work remotely/from home (where applicable).