Security Operations Center Team Lead
Homecare Homebase, a subsidiary of Hearst Corporation, is a market leader in healthcare software development providing mobile cloud-based solutions for clinical, operational, and financial improvement of homecare and hospice agencies throughout the United States. Our software enables real time solutions for wireless information exchange and communication between office staff, field staff, and physicians.
Our success is fueled by our talented technology teams that are driven by their passion to make a difference in patient care. Our employees work in a culture that is guided by values of caring, action, respect, excellence, and smile (a positive attitude). If you want to work in a role where your skills have a direct influence on patient care, Homecare Homebase is the next step in your career. We are hiring technologists that want to make a difference.
We are seeking a Team Lead, Security Operations Center to join the HCHB Security team responsible for securing systems, infrastructure, services, and data. The candidate will lead a team of analysts tasked with triaging and responding to alerts generated by our SIEM. Primary responsibilities include growing the SOC Analysts, ensuring processes are followed, updating and creating new processes as needed, setting and tracking metrics, and driving new detections/use cases from the SOC Analyst perspective. A passion for Security Operations with strong skills in critical thinking, communication, and mentoring, an inquisitive nature, and excitement for building a SOC are musts.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Coordinates other members of the SOC team to ensure proper coverage;
- Ensures development of standard operating procedures and operations tempo;
- Validates that security analysts follow established procedures and follow up on anomalous activity when identified;
- Utilizes security models and frameworks for documenting and tracking purposes (e.g. MITRE ATT&CK framework, Cyber Kill Chain (CKC) framework);
- Properly uses Splunk Core, Splunk Security Essentials, and Splunk Enterprise Security;
- Works closely with compliance teams to provide required evidence for various applicable controls;
- Ensures terminology used (technical or business) is understood by both business and technical teams;
- Availability to work outside normal business hours (on-call rotation);
- Produces regular team and project reports to stakeholders;
- Generates reports for Incident Management for leadership;
- SOC Service Monitoring, Analytics and Cyber Threat Analysis;
- Continuous and persistent monitoring of security technology/tool data and network traffic, which results in security alerts being generated, parsed, triggered, or observed on the in-scope managed networks, enclaves, systems, or security technologies;
- Analyzing, triaging, aggregating, escalating, and reporting on client security events, including investigation of anomalous network activity, and responding to cyber incidents within the network environment or enclave;
- Correlation and trend analysis of security logs, network traffic, security alerts, events and incidents;
- Continuously works to tune security tools to minimize false positives and maximize detection and prevention effectiveness. Collaborates with the owners of cyber defense tools to tune systems for optimum performance;
- Analyzes malware and attacker tactics to improve network detection capabilities. Collaborates with external companies or government agencies to share open source or classified intelligence;
- Distributes use case context, vulnerability and threat advisories as relevant to optimize security tools, SIEM and client awareness;
- Incident categorization and severity assignment consistent with client criteria;
- Event and incident handling consistent with applicable client plans and processes;
- Integration of activities with standard reports, such as shift reports, along with client communication protocols;
- Documents and provides feedback to engineers for custom views, channels, and other content for Incident Response, Insider Threat Management (ITM), and other threat detection use cases into disparate enclaves in the customer environment;
- Support calculation of security metrics related to Managed SOC Services offering;
- Drive SIEM content development, tuning, and review.
- Strong understanding of security monitoring, detection, and analysis methodologies and technologies including NIDS, EDR, WAF, FIM, network firewall, and SIEM
- Demonstrated experience with Splunk Core, Splunk Security Essentials, and Splunk Enterprise Security.
- Possess a deep understanding of operations, system, and network security
- Ability to explain complex security issues to analysts, engineers, managers, and executives
- Highly independent and self-directed individual capable of working with minimal supervision.
- Able to coordinate a team of people in a multicultural environment, including IT providers, HCHB IT technical teams, as well as technicians from business areas
- Excellent interpersonal, organizational and customer service skills with the ability to communicate effectively with both technical and non-technical stakeholders.
- Strong problem-solving skills
- Sense of urgency
- Strong organizational skills with the ability to manage multiple tasks simultaneously
- Excellent verbal and written communication skills (English)
- Must be technically literate and be able to articulate technical issues in a meaningful way to both engineers and executive level management
- The ability to communicate confidently and clearly on conference calls, in meetings and via email, at all levels of the organization is essential.
- Customer focus and ownership, use of own initiative and a proactive approach to work
- Experience in managing escalations in crisis situations
- 5+ years of related work experience with a Bachelor's degree; or 4 years with a Master's degree
- Splunk Core, Splunk Security Essentials, Splunk Enterprise Security
- Familiarity with process and IT service management concepts such as ITIL and ITSM
- ServiceNow's Incident Management platform
- Bachelor's Degree in Management Information Systems or Computer Science is preferred.
- Master's degree in Computer Security, Cybersecurity, etc.
- Certifications related to security (such as Security+, GSEC, GCIH, GCIA, CISSP, NCSF, etc.)
- Certifications in Splunk
- Certifications related to ITIL/ITSM