SOC Lead (Remote or Onsite)

Crane Company
Stamford, CT
Hybrid

About The Position

Crane Co. is looking for outstanding information security professionals to join the Crane Co. Global Information Security Team! Do you possess a strong security operations center background and want to lead others while working on interesting problems and helping to advance incident response capabilities? Have you always wanted to make a real impact on effective delivery of security operations at scale? We have an exciting opportunity helping to lead our blue-team operations using proven and emerging solutions in a comprehensive portfolio for our next-generation security operations center.

Are you passionate about leading incidents and performing threat hunting, and do you have a clear vision for next-gen SOCs and SOAR? Do you enjoy digging deep to find the threats everything else missed? This role will provide opportunities to advance our global security operations and incident response program by applying cool and interesting security technologies, processes and techniques to support SOC and IR for a global organization. This position will provide exposure to best-of-breed security solutions in a challenging and rewarding enterprise setting. You'll lead other responders and analysts as part of our tight-knit security team and be the escalation path within the global SOC for truly interesting attacks.

As the ideal candidate, you will have solid proficiency in security incident and event management solutions, experience using modern IR approaches and tools, and a proven track record implementing and honing a myriad of detective and preventive controls and processes in an enterprise setting. You must have a desire to lead others while furthering your own development and contributing to continuous improvement initiatives, and have a genuine passion for infosec! Previous security operations center experience, threat hunting prowess, and endless curiosity required.

Requirements

  • Senior-level experience in a security operations center function supporting medium to large enterprises and performing incident response.
  • Prior responsibilities performing triage, assignment, and closed-loop investigations for a team of SOC analysts and/or incident responders.
  • Proven results developing and implementing methods, processes, and procedures for detecting, responding to, and resolving computer security incidents.
  • Deep understanding of present-day cyber-threats, attacker techniques and behaviors, and effective methods to both detect & repel these threats for a global organization with a distributed enterprise IT environment.
  • Prior experience using automation tools leveraging custom development, scripting, and solution platforms.
  • Prior experience writing tools to automate tasks and integrate various systems in Python, PowerShell, and other scripting languages.
  • Experience writing interfaces utilizing JSON, XML, and REST APIs.
  • Experience performing data normalization, correlations, and visualizations.
  • Experience with supporting security technologies such as EDR, firewalls, proxies, web and email filters, application allow-listing, sandboxing, SIEM, threat intelligence, vulnerability scanning, syslog, IDS/IPS, DLP, etc.
  • Broad technology experience with enterprise-level IT technologies including networks, endpoints, virtualization, cloud, operating systems, email, storage, databases, etc.
  • Familiarity with relevant multi-national financial, privacy, and governmental regulatory requirements.
  • Highly motivated and self-directed with a passion for solving complex problems.
  • Excellent verbal and written communication skills.
  • Must be able to prioritize based on risk, schedule and track to deadlines for self and team members.
  • Ability to cope well with pressure and make sound decisions in uncertain situations.
  • Flexibility to work outside regularly scheduled/normal business hours.
  • Ability to travel both domestically and internationally, with little notice (as required).
  • 5 years relevant professional experience in Security Operations and Incident Response Management
  • 2 years supervisory experience leading SOC/IR analysts
  • Technical professional security certifications in Incident Response, Digital Forensics, or Malware Analysis, such as GCIH, GCFA, GNFA, GCTI or similar

Nice To Haves

  • Degree in a related field
  • US Person as defined under EAR PART 772 AND ITAR 120.15

Responsibilities

  • Ensure the timely identification, response, investigation, and remediation of all security events and incidents.
  • Lead daily work of security operations center team members and provide support to teams in other geographies and time zones as required.
  • Develop standard work and processes, build playbooks, and implement analysis logic supporting automation efforts using various techniques including scripting and coding within platforms, APIs and related technologies.
  • Enrich and implement additional detective capabilities to enhance or improve incident identification and response.
  • Using SOAR techniques, automate and integrate workflows between SIEM, various IR platforms, and other solutions and technologies.
  • Work closely with the broader global security team, supporting the analysis and tuning of the effectiveness of solutions, configurations and processes.
  • Work closely with Information Technology to identify risks and weaknesses as a component of our vulnerability management program.
  • Provide input to the maintenance and enhancement of related policies, documentation, and procedures.
  • Contribute to the broader program to ensure best practices are identified and integrated into our approach and methodologies.
  • Support the security infrastructure administration and operations function as required.
  • Ensure all security incidents for self and team are fully and accurately investigated with comprehensive and effective remediations clearly defined and communicated to stakeholders.

Benefits

  • comprehensive health
  • wellness incentives
  • assistance with retirement savings
  • paid time off
  • paid holidays
  • tuition reimbursement
  • performance-based bonus programs for certain positions