AWS SPECIALIST - Security Operations Centre
- Location: England, United Kingdom
- Salary: £600 - 900 per day + INSIDE IR35
- Category
- Sector: IT and Digital
- Contract type: Contract
- Consultant: Alex McQuade
Principal accountabilities
• Mentorship and Training: Provide ongoing coaching and support to SOC team members, fostering a culture of continuous learning and improvement.
• Skill Development: Design and deliver training programs on AWS, security tools, and best practices to enhance the technical skills of the SOC team.
• Incident Response Support: Guide the team in managing and responding to security incidents, ensuring effective use of AWS and other tools.
• Process Improvement: Collaborate with SOC engineers to develop and refine incident response procedures and playbooks.
• Performance Monitoring: Assess the team’s performance, provide feedback, and identify areas for further development.
Knowledge, experience, and skills
Knowledge and skills required
• Incident Management Coaching: At least 3-5 years of experience in Incident Management, Security Operations (SecOps), or IT Security, with a proven ability to coach and guide team members through handling and resolving security incidents.
• SIEM Tools Training: Extensive experience in reviewing and responding to Security Information and Event Management (SIEM) alerts, with proficiency in tools such as Splunk or Microsoft Sentinel. Ability to train and mentor team members on effective use of these tools.
• EDR Systems Mentorship: Hands-on experience with Endpoint Detection and Response (EDR) systems like Microsoft Defender or Symantec, including the ability to coach team members in analysing and responding to alerts.
• Cloud Security Expertise: Strong experience in cloud security, particularly with AWS, including knowledge of AWS security services and best practices. Ability to develop and deliver training programs on these topics.
• Cyber Investigations Guidance: Demonstrated ability to conduct thorough cyber investigations independently, with a focus on mentoring team members to develop their investigative skills.
• Third-Party Collaboration: Experience working with third-party suppliers and vendors to ensure security measures are in place and incidents are managed effectively. Ability to coach team members on best practices for collaboration.
• Enterprise Security Controls: Familiarity with enterprise security controls and security best practices for various operating systems, including Windows, Linux, and Mac. Ability to mentor team members on implementing these controls.
• Training and Development: Proven experience in mentoring and training technical teams, with a focus on upskilling team members in cybersecurity tools and practices. Ability to create and deliver engaging training sessions.
• Process Improvement Coaching: Experience in developing and refining incident response procedures and playbooks, with a focus on coaching team members to enhance their efficiency and effectiveness.
• Communication and Reporting: Strong communication skills, both written and oral, with the ability to coach team members on providing clear and concise reports and updates to various stakeholders.
• Continuous Improvement: A proactive approach to identifying areas for improvement within the SOC team and implementing coaching strategies to address them.
Experience required
• At least 5 years’ experience in Incident Management, SecOps or IT Security
• Experience of reviewing SIEM alerts and responding to them appropriately
• Experience working through cyber investigations independently
• Proven experience of Splunk or Sentinel
• Worked with EDR systems such as Defender or Symantec
• Knowledge of KQL and SPL
• Threat Hunting experience
• Experience working with third-party suppliers and vendors
• Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems or similar
• Experience of working with and securing Azure & AWS cloud workloads
Qualifications required
Ideally have experience in the below:
• Relevant certifications (e.g., AWS Certified Security, CompTIA Security+).
• At least 5-10 years of experience in cybersecurity, with a focus on incident response and security operations.
• Experience with SIEM tools, EDR systems, and cloud security.