Posted on: 03/12/2025
Job Purpose:
- The SOC L3 Manager is responsible for leading and managing the Security Operations Center (SOC) at the highest technical level. This includes overseeing daily operations, handling critical escalations, ensuring fast detection and response to cyber threats, providing strategic guidance, mentoring analysts, and improving the overall security posture of the organization.
Key Responsibilities:
1. Device Integration:
- Configure rules and validate proper log ingestion.
2. Incident Investigation & Response:
- Take full ownership of high-severity (P1/P2) or complex security incidents.
- Perform deep forensic analysis on endpoints, servers, and network devices.
- Correlate alerts across SIEM, EDR, NDR, and firewalls to identify attack paths.
- Conduct Root Cause Analysis (RCA) for major incidents.
- Recommend and supervise containment, eradication, and recovery steps.
- Provide incident updates to the SOC Manager / CISO.
3. SIEM Tuning & Use-Case Enhancement:
- Analyze false positives and tune detection rules.
- Create/modify correlation rules, queries, dashboards, and reports.
- Ensure new log sources are properly parsed and normalized.
- Develop advanced detection use-cases aligned with MITRE ATT&CK and new threats.
4. Threat Hunting:
- Conduct proactive hunts to detect hidden or undetected threats.
- Use IOCs and threat intel feeds to search across logs and systems.
- Document findings, gaps, and recommend improvements.
5. Threat Intelligence:
- Map threats to MITRE ATT&CK techniques.
- Analyze threat intel data and enrich detections.
6. Incident Coordination & Escalation:
- Act as technical lead during active incidents.
- Coordinate with IT, network, and application teams.
- Escalate major incidents to SOC Manager/CISO with detailed analysis.
- Prepare incident summary reports and support post-incident reviews.
7. Tool & Technology Optimization:
- Monitor performance of SIEM, SOAR, EDR/XDR, NDR, TIP.
- Fix log onboarding issues and agent problems with engineering teams.
8. Reporting & Documentation:
- Update incident tickets with detailed investigation notes and evidence.
- Maintain SOC dashboards and daily trackers.
- Provide trend analysis: top attacks, sources, and affected assets.
- Contribute to weekly SOC performance reports.
9. Mentoring & Technical Support:
- Guide L1/L2 analysts in investigations and response procedures.
- Review and approve incident closure summaries.
- Help grow skills and improve SOC processes.
10. SOAR Automation:
- Test new tools, scripts, or automations with SOAR.
- Review and improve SOC playbooks and SOPs regularly.
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1584484