SOC Team Lead

I. PURPOSE

Participate and support activities that will help improve the existing service operations and operationalize the service portfolio to achieve service excellence, operational efficiency, and retention of customers. 

II. DUTIES AND RESPONSIBILITIES

Accomplish all assigned tasks by the Shift Manager in a timely and effective manner as deemed necessary for the betterment of the organization.

Follow effective and efficient processes and comply with escalation protocols. 

Report significant events to the Shift Manager and participate in shift turnovers.

Contribute to the knowledge and information relevant to Service Operations.

Collaborate with other team members to improve workflows, documentations, standards, and processes.  

Participate in activities promoting a harmonious working environment such as demonstrating trust and respect and practicing open communication.  

Comply with company policies, guidelines, standards, and procedures.  

Perform all other duties and tasks as assigned by the Shift Manager and MSS Manager.

Availability Management

Manage daily shifts and leaves, create operational procedures, and schedule team members’ trainings to be taken as compliance to agreed levels of availability of people and processes needed for Service Operations delivery.

Monitor daily metrics compliance defined by the management and is accountable for the team’s daily operations.

Ensure that the tools being used are appropriate for the agreed service level targets for availability such as tools for requesting access and for error/Incident reporting and escalation.

Capacity Management

Determine and track the capacity and performance of people, processes, and organizational controls, and ensure resolution of issues through operational adjustment of processes, tools, and people.

Execute strategies developed by the managers to deliver the service and plans for short, medium, and long-term business requirements.  

IT Service Continuity Management

Perform the role assigned in the Business Continuity Plan (BCP).

Lead the team in following and participating in Business Continuity Plan (BCP) activities to ensure continuity of performance of people and processes and that minimum agreed service levels are met in case of a disruptive incident/s.

Risk Management

Participate in the execution of risk treatment plans
to people and processes needed for Service Operations that may impact clients, Sales Groups, and other relevant stakeholders. 

Service Level Management

Ensure compliance of Service Level Agreements with clients.

Manage the performance of team members in Internal Support

Monitor and report on Operational Service Levels. 

Change Advisory Board 
 

Review Method of Procedures (MOP) to be presented during Managed ICT Services Change Advisory Board meetings.

Participate in client Change Advisory Board meetings as needed.

Create advisories on the possible impact, risks, and effects of proposed client changes. 

Provides Method of Procedure/s and other documentation to clients whenever necessary.

Configuration Management

Collects and ensures accurate information of configurations of client assets during Service Operations.

Maintains information about Configuration Items (CIs) of client assets as part of Service Operations.

Maintains a logical model, containing the components of client CIs and their associations.

Handover configuration items and other relevant information to Service Transition for Offboarding.

Client Support 
 

Ensure that the team members are:

Performing triage received events and incidents.

Handling cases assigned to team members.

Performing brand monitoring and takedown requests.

Processing Service Requests within agreed Service Level

Undertaking immediate effort/s to restore a failed service of a Managed Service client as quickly as possible.

Handling escalation and follow-ups until resolution.  

Create Incident and Root-Cause-Analysis (RCA) Reports. 

Execute set frameworks, guidelines, and procedures that follow best practices and applicable frameworks for Events Management, Incident Management, and Service Requests.

Client Incident Management
 

Create operational playbooks to detect, analyze, eradicate, remediate, and recover from client cybersecurity and quality of service incidents.

Lead resolution of Priority-2 escalations.

Lead initial triage and resolution of Priority-1 incidents.

Escalate incidents that may turn into a problem or disaster.

Create RCA Reports and execute Compromise Assessment/Preventive Action (CA/PA).

Client Access Management 
 

Ensure team members perform authorization of users’ right to access client assets, while preventing access to non-authorized users. 

Essentially executes Terms and Conditions of the client.

Client IT Asset Management 
 

Ensure that clients’ managed assets are accounted for, maintained, upgraded if within scope.

Monitors the clients’ managed assets lifecycle and provides reports and recommendations to the Client, Service Delivery Manager/s, and other relevant stakeholders.

Client Problem Management 
 

Provide necessary data and ensure CA/PA is implemented.

Ensure team’s compliance to contractual problem management deliverables.

Process Management  

Create, share, use, and manage the documented processes of Service Operations, and ensure that these processes are being followed.
 

Knowledge Management 
 

Responsible in updating the knowledge and information pertaining to existing Clients and clients’ Managed ICT assets.

Continual Service Improvement Management 
 

Execute improvement plans of the people and processes of Service Operations.

Suggest, follow, and deploy new processes, and ensure that the team follows.

Review and guarantee quality of data and content of tickets.

III. QUALIFICATIONS

A.    Minimum Education

Must be a graduate of any IT related bachelor’s degree such as:

Computer Studies

Computer Engineering

Information Technology

Electronics Engineering

B.    Minimum Experience/Training

Have at least 4 years of working experience in a 24x7x365 Security or Network Operations Center.

Trainings and/or certifications on any of the following domains are required:

IT Service Management

IT Infrastructure (Network, Servers, Cloud, etc.)

Cybersecurity and/or Information Security

C.    Competency

(F) - Familiar / 0-12 months  
(N) - Novice / 1-2 years  
(I) - Intermediate / 3-4 years  
(A) - Advanced / > 5 years  

KNOWLEDGE
 

(I) Knowledge of cybersecurity and privacy principles.  

(I) Knowledge of computer networking concepts and protocols, and network security methodologies.  

(I) Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).  

(I) Knowledge of cyber threats and vulnerabilities.  

(I) Knowledge of specific operational impacts of cybersecurity lapses.  

(I) Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).  

(I) Knowledge of system administration, network, and operating system hardening techniques.  

(N) Knowledge of MITRE ATT&CK Framework and NIST SP800-61  

SKILL
 

(N) Skill in using SIEM (Splunk or McAfee SIEM is a plus) and SOAR (Swimlane or Siemplify is a plus) platforms  

(I) Skill of identifying, capturing, containing, and reporting malware.  

(I) Skill to design incident response procedures.  

(I) Skill to collaborate with different teams and communicate thoughts and ideas.  

ABILITY
 

(N) Ability to apply SOAR playbooks and SIEM correlation rules for investigating host and network-based intrusions.  

COMMUNICATION SKILLS  

(N) Speaks clearly and can be easily understood.  

(N) Expresses & speaks ideas in a logical and organized sequence.  

(N) Writes clearly, concisely, and effectively.  

(N) Expresses ideas in a logical and organized sequence in written form.  

IV.  WORKING CONDITIONS

Reporting to the company’s main office in Makati City.

Shifting schedule.

Collaborate physically and/or virtually with internal and external stakeholders.

May travel for company-sponsored conferences and related marketing events.

Attend training and acquire certifications that are applicable to the role.