SOC Lead (Remote or Onsite)

Crane Co is looking for outstanding information security professionals to join the Crane Co. Global Information Security Team!

Do you possess a strong security operations center background and want to lead others while working on interesting problems and helping to advance incident response capabilities? Have you always wanted to make a real impact on effective delivery of security operations at scale?  We have an exciting opportunity helping to lead our blue-team operations using proven and emerging solutions in a comprehensive portfolio for our next-generation security operations center.

You are passionate about leading incidents, performing threat hunting, and have a clear vision about next-gen SOCs and SOAR? Do you enjoy digging deep to finding the threats everything else missed? This role will provide opportunities to advance our global security operations and incident response program by applying cool and interesting security technologies, process and techniques to support SOC and IR for a global organization. This position will provide exposure to best-of-breed security solutions in a challenging and rewarding enterprise setting. You’ll lead other responders and analysts as part of our tight-knit security team and be the escalation path within the global SOC for truly interesting attacks.

As the ideal candidate, you will have solid proficiency in security incident and event management solutions, using modern IR approaches and tools, and have a proven track record implementing and honing a myriad of detective and preventive controls and processes in an enterprise setting.

You must have a desire to lead others while furthering your own development, contributing to continuous improvement initiatives, and have a genuine passion for infosec! Previous security operations center experience, threat hunting prowess, and endless curiosity required.

Core Function: 

This role will be responsible for performing and leading investigations and helping to implement and develop solutions supporting the incident response function. You must be experienced and excited about leading the daily work of security analysts in triaging incoming alerts, and you are adept at prioritizing response and effective remediation of threats.

In this capacity, you will be helping to define and implement processes and standard work for the global security operations function, including playbook development, building threat intelligence informed detections, and performing detailed investigations. This is a very hands-on position; doing threat hunting, utilizing an advanced security stack for daily work, and ensuring team SLAs and performance is met and delivered. Previous senior level security operations center and supervisory experience with threat hunting competency is a must.

You will assist in development and ongoing use of SIEM and SOAR technologies and processes supporting the global information security function. You will customize, develop, and implement the automation of security playbooks using APIs, various scripting methods and programming languages, and provide analytical techniques to build and support interfaces to and from various supporting technologies, tools, and IT systems.

The ideal candidate must have solid proficiency in security incident management and have a proven track record implementing automation to gain efficiencies, reduce errors, and increase capacity of an enterprise incident response program. You must have a strong desire to mature blue team tradecraft, to lead and mentor others, and to further your own development along the way.

The successful candidate will work collaboratively with Global Infosec Management, our Global SOC and other security team functions to ensure our overall cyber-incident preparedness and effectiveness. You will be expected to be able to communicate effectively at all levels of the organization, be extremely detailed, and be focused on delivery to program goals and expectations. You must enjoy contributing to continuous improvement initiatives and have a genuine passion for infosec!

This is an exciting opportunity to grow and make a positive impact on a global program alongside other passionate infosec professionals. If you know you have what it takes to deliver on this and have a desire to lead a team professionals along the way, this is the position you’ve always wanted. 

Responsibilities and Duties:

• Ensure the timely identification, response, investigation, and remediation of all security events and incidents.
• Lead daily work of security operations center team members and provide support to teams in other geographies and time zones as required.
• Develop standard work and processes, build playbooks, and implement analysis logic supporting automation efforts using various techniques including scripting and coding within platforms, APIs and related technologies.
• Enrich and implement additional detective capabilities to enhance or improve incident identification and response.
• Using SOAR techniques, automate and integrate workflows between SIEM, various IR platforms, and other solutions and technologies.
• Work closely with the broader global security team, supporting the analysis and tuning of the effectiveness of solutions, configurations and processes.
• Work closely with Information Technology to identify risks and weaknesses as a component of our vulnerability management program.
• Provide input to the maintenance and enhancement of related policies, documentation, and procedures.
• Contribute to the broader program to ensure best practices are identified and integrated into our approach and methodologies.
• Support the security infrastructure administration and operations function as required.
• Ensure all security incidents for self and team are fully and accurately investigated with comprehensive and effective remediations clearly defined and communicated to stakeholders.

Qualifications and Competencies:

• Senior level experience in security operation center function supporting medium to large enterprises performing incident response.
• Prior responsibilities performing triage, assignment, and closed-loop investigations for a team of SOC analysts and/or incident responders.
• Proven results developing and implementing methods, processes, and procedures for detecting, responding, and resolving computer security incidents.
• Deep understanding of present-day cyber-threats, attacker techniques and behaviors, and effective methods to both detect & repel these threats for a global organization with a distributed enterprise IT environment.
• Prior experience using automation tools leveraging custom development, scripting, and solution platforms .
• Prior experience writing tools to automate tasks and integrate various systems in Python, Powershell, and other scripting languages
• Experience with writing interfaces utilizing, JSON, XML, and REST APIs.
• Experience performing data normalization, correlations, and visualizations .
• Experience with supporting security technologies such as EDR, firewalls, proxies, web and email filters, application allow-listing, sandboxing, SIEM, threat intelligence, vulnerability scanning, syslog, IDS/IPS, DLP, etc.
• Broad technology experience with enterprise-level IT technologies including networks, endpoints, virtualization, cloud, operating systems, email, storage, databases, etc.
• Familiarity with relevant multi-national financial, privacy, and governmental regulatory requirements.
• Highly motivated and self-directed with a passion for solving complex problems.
• Excellent verbal and written communication skills.
• Must be able to prioritize based on risk, schedule and track to deadlines for self and team members.
• Ability to cope well with pressure and make sound decisions in uncertain situations.
• Flexibility to work outside regularly scheduled/normal business hours .
• Ability to travel both domestically and internationally, with little notice (as required).
• Required: 5 years relevant professional experience in Security Operations and Incident Response Management
• Required: 2 years supervisory experience leading SOC/IR analysts
• Required: Technical professional security certifications in Incident Response, Digital Forensics, or Malware Analysis, such as GCIH, GCFA, GNFA, GCTI or similar
• Desired: Degree in a related field
• US Person as defined under EAR PART 772 AND ITAR 120.15

This description has been designed to indicate the general nature and level of work being performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Crane Company. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, sexual orientation, general identity, national origin, disability or veteran status.