Robert Walters

SOC Lead (Tier 3) - Splunk (BB-A45EF)

Found in: Neuvoo HK


My MNC client is looking for a SOC Lead (Tier 3) who can meet high expectations on the Splunk implementation and is able to lead incident management.


Daily Operations

  • Manage Day to Day SOC operations
  • Act as escalation point for SOC team
  • Coordinate the triaging, investigating and management of ongoing Cyber Security Incidents
  • Day to day management of the NDR, EDR and SOAR platform
  • Create operational documents (use cases, play/run books and training materials) on incident response and ensure these documents are updated regularly
  • Assist in creating metrics and reports, and in reviewing incident progress and compliance status
  • Support Regional Security Operations to ensure the security posture of business units is properly measured, monitored and managed

SOC Incident Response

  • Support the SOC Manager on incident management and remediation
  • Manage critical and complex incidents
  • Report on critical and complex incidents
  • Assist in developing new ideas to improve security operations; create technical procedures, handling guidelines and playbooks
  • Where appropriate, work with the global SOC to respond to and resolve events generated by the SIEM

Forensics and Malware

  • Conduct forensic investigations to support root cause analysis and to establish evidence of malicious insiders and data breaches
  • Investigate malicious files and packages to establish root cause, and provide those findings to the relevant stakeholders to further secure the environment

Security Projects & Deployments

  • Support the implementation of the SOC, its security tooling and its resourcing
  • Support other projects at the discretion of the Head of IT Security

Requirements

  • Degree holder in Computer Science or related disciplines, or appropriate extensive experience
  • GIAC Cyber Security Cert or CISSP qualification is a big plus
  • At least 5 years' experience in Information Security
  • Proficient in utilising Splunk within a SOC and Incident Response environment.
  • Experienced with Endpoint/Network Detection and Response, preferably Crowdstrike and Vectra
  • A sound understanding and working experience of Security Orchestration and Response tooling, preferably Cortex XSOAR
  • Hands on Cyber security incident management within a SOC environment
  • Strong problem-solving skills and fast learner
  • Solid experience of Information Security Management Systems and IT Service Management
  • Liaison and teamwork skills, with a passionate and committed mentality
  • Good interpersonal and communication skills
  • Fluent in spoken and written English


Location: Hong Kong
