Job Description

We are looking for an experienced and strong Technical Manager who will provide leadership & oversight for the Security Operations Centre (SOC) at Guidewire. This role is responsible for managing the SOC operations, providing expertise on all relevant security technologies and establishing escalation processes for incidents that have been deemed critical. The position will be responsible for continuously monitoring levels of service of the SOC and engaging with stakeholders to improve operational efficiency.

Responsibilities

• Manage and continue to build a team to conduct security incident detection and response activities
• Responsible for creating and implementing Standard Operating Procedures (SOPs), processes, playbooks, and templates for a SOC function, including monitoring, response, investigation, escalation, communication, and reporting
• Perform investigation and escalation for complex or high severity security threats or incidents and serve as an escalation resource for the security analysts
• Assist, collaborate & follow-up with internal and external contacts on remediation of security incidents
• Develop and maintain reporting metrics and mechanisms used to measure SOC effectiveness
• Engage with various security functions to cross collaborate to improve operational efficiency of SOC
• Ensure effective operational control of the environment, strengthen the attack detection and response processes, developing and integrating all SOC related processes
• Identifying the training requirements of the teams and work closely with the team to help improve their skills

Requirements

• A minimum of 9-12 years of relevant professional experience
• Demonstrated leadership experience with at least 2 years in a managerial or team lead capacity
• Proven experience in incident handling/incident response techniques within a cloud-based environment such as AWS/Azure/GCP
• Experience with thorough documentation around incident response analysis activities
• Expertise in Cyber Security attacks, tools & techniques, and experience with Advanced Threat management
• Ability to tune correlation rules and outcomes via security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms
• Has a sound understanding of SIEM, DLP, CASB, EDR, operating systems, MITRE ATT&CK framework and other threat detection platforms
• Excellent written and verbal communication skills to present technical topics to technical and non-technical audiences
• Good Analytical, Problem solving and Interpersonal skills

Good to have:

• Certifications from SANS, Offensive Security, ISC2, AWS, Azure, GCP are a plus