The Industrial Security Operations Center (ISOC) Manager’s primary mission is to lead, improve, and grow ABS Group’s cybersecurity Operational Technology (OT) monitoring and incident response capabilities.
This role leads the daily operations as well as the strategic development of the ISOC.
This position is responsible for ensuring Service Level Agreements (SLAs) are met when responding to digital security incidents globally, providing forensics and threat hunting support, and managing security operations and technology partners.
The manager will also help define the investments and strategies to grow the functions, roles, and value of the ISOC.
The ISOC Manager leads a team that performs real-time event and incident management processes, as well as OT security incident evaluation and response, following the event management guidelines and policies of the ISOC.
This position requires 7-10 years of cybersecurity incident response experience and preferably OT experience related to critical infrastructure segments.
The candidate should have experience with IT / OT security (e.g., monitoring Supervisory Control and Data Acquisition (SCADA) or Distributed Control Systems (DCS)), partner / provider management, customer service, and sales / client account management.
In addition to delivery, execution, and improvements of the ISOC capabilities, the ISOC Manager might be tasked with development and testing of various security practices and controls to meet customer or regulatory cyber security requirements.
Job Duties / Roles
This position is responsible for the execution of OT cyber security services and supporting customers with monitoring for cyber threats, providing routine and periodic reports, and helping to maintain cyber security compliance.
Key responsibilities include managing the event and log monitoring and analysis functions using SIEM technology; identifying and investigating security incidents; supporting OT monitoring tools; providing guidance on the actions required to contain, eradicate, and recover from a threat or incident in the OT environment; and performing these services for multiple clients while maintaining a high degree of professionalism and efficiency to ensure service level agreements and response times are met.
The qualified candidate must have the knowledge and abilities to:
Understand standard and modern attack techniques against applications, systems, and networks
Lead efforts to support the response to digital security incidents through the initial triage phase and provide support to business and IT / OT clients as they work to close identified gaps
Manage and lead the ISOC team
Build and maintain close working relationships with the SOC providers, cyber threat intelligence team, technology partners, and others to bring together a holistic view of incidents
Develop processes and procedures to support SLAs and improve incident response times, analysis of incidents, and overall SOC functions
Provide network intrusion detection expertise to support timely and effective decision making of when to declare and escalate an incident
Provide incident response support, including evidence preservation and forensics
Analyze a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslog, EDR, antivirus, etc.) to determine the correct remediation recommendations and escalation paths for each incident
Analyze network flow data for anomalies and detect malicious network activity
Provide information regarding intrusion events, security incidents, and other threat indications
Provide technical analysis and guidance on control systems security trends and industry benchmarking
Oversee cyber vulnerability assessments
Prepare and conduct technical and executive presentations
Create technical reports and progress reports for projects
Research and test new security tools / products and make recommendations of tools to be implemented in clients’ OT environments and to be used in the SOC
Identify and enhance the capabilities of the team by developing opportunities for automation
The candidate is expected to continuously improve as a subject matter expert by participating in educational opportunities, reading professional publications, maintaining personal networks, and presenting to professional organizations.
Have demonstrated experience in computer and network systems, including IT / OT security, cyber-related regulations, MITRE frameworks (e.g., ATT&CK), and / or NIST standards
Have demonstrated CIRT, CERT, Threat Monitoring, or SOC management experience
Have strong analytical and problem-solving skills with the capability to identify solutions to unusual and complex problems
Have sound understanding of network, system, and application intrusion techniques on IT / OT infrastructure
Have a good understanding of log formats from OS, Databases, Firewalls, Applications
Able to translate vulnerability assessment findings into actionable items for the client
Able to demonstrate proficiency in the MITRE ATT&CK framework or the Lockheed Martin Cyber Kill Chain® framework
Possess excellent presentation skills, including presentation development, numeracy and analysis skills, and advanced skills in Microsoft Word, Excel, PowerPoint, Visio, and Outlook
Possess excellent English oral and written communication skills; demonstrated capability to produce reports suitable for delivery to both technical and non-technical audiences, and strong interpersonal and collaboration skills
Have the ability to work productively with little supervision under demanding deadlines
Be willing to travel up to 20%, domestic and international
Minimum years of Experience
7-10 years in security operations centers, with IT cyber security, OT / ICS cyber security implementation, and OT / ICS compliance experience
Required / Preferred Education Requirements
Bachelor’s degree in Engineering, Computer Science, Cybersecurity, or demonstrated equivalent work-related experience
Required / Preferred Professional Requirements
Hands on SOC Threat Monitoring and Cyber Incident Response Team experience, required
Management, team lead, or supervisory experience, required
Experience in presenting to upper management and executive-level clients, required
Proficiency-level professional certification (e.g., GIAC Certified Incident Handler, Certified Ethical Hacker), preferred
Managerial-level professional certification (e.g., CISSP, CISA, or GICSP), preferred
Demonstrated knowledge of ISO 27001, ISA / IEC 62443, or NIST SP 800-53, preferred
Ability to analyze
Experience in offshore and maritime environments, preferred
Prior experience writing technical reports and research papers in English, preferred
Experience developing and delivering training to clients, preferred
ABS Group is committed to the equal employment opportunity of its employees and prohibits discrimination against any employee or qualified applicant on the basis of race, color, creed, religion, national origin, sex, age, disability, marital status, sexual orientation, citizenship status or veteran status, or other non-work-related characteristics that may be protected under the law of the Federal Government or specific state employment laws.
ABSG Consulting Inc.