Security Operations Center Manager - San Mateo, CA
- Department: Information Security and Compliance
- Location: San Mateo, CA, USA
- Country: United States of America
This role will be based in our San Mateo headquarters and will report to the Director of Security Operations, which is part of Guidewire’s global Information Security group. The Security Operations Center Manager will be responsible for leading and providing technical and process direction to the SOC Analysts and MSSP within Guidewire’s Security Operations Center.
Will act as a liaison to other teams within Guidewire, build a positive working relationship with the stakeholders, and ensure SLAs and objectives for threat monitoring, detection and response are achieved. This role will be based in our San Mateo headquarters and will report to the Director of Security Operations, which is part of Guidewire’s global Information Security group.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
• Lead Guidewire’s Security Operations Center team of analysts to monitor, analyze and investigate security logs, events and alerts from a variety of devices and platforms including but not limited to, SIEM, IDS/IPS, Next Gen EDR, OS logs, AWS logs, WAFs etc.
• Act as Guidewire’s blue team lead to identify gaps in visibility and detection of attacks and malicious events, and work towards SOC maturity trends
• Lead projects involving ingestion of new log sources, building content for the SIEM, new rules, filters and collectors as needed for improved context, visibility, correlation
• Provide subject matter expertise in security threat analysis, hunting, detection and response across Guidewire’s Production and Corp IT environments, build IR run books and automated workflows
• Be part of the Security Incident Response Team (SIRT) activities, helping SIRT to detect, respond, contain and recover from security incidents in a timely manner
• Generate and build relevant security dashboards, trends and metrics as needed for the Information Security leadership team to track and communicate performance, coverage, risks and compliance
• 5+ years of previous experience working in leading security operations, hunt teams, or incident response, triaging cyber security alerts, events, incidents – Public Cloud experience required
• Excellent understanding and ability to investigate threat campaign(s) techniques, lateral movements, C&C communications and indicators of compromise (IOCs)
• At least 2 years of hands on experience in Logrhythm SIEM is a must - searching and querying of raw logs, tuning of events and alerts, analysis and investigation of alerts, and writing content for Logrhythm SIEM, AIE rules etc.
• Minimum 5 years of experience in security analytics, correlation, tuning, analyzing and investigating alerts from multiple security technologies including IDS/IPS, SIEM, EDR, Network Packet Analyzers, Log Analysis (Windows, Linux, Web Servers, AWS Cloudtrail, AWS GuardDuty), NextGen Firewalls, NextGen AV, WAFs, etc.
• Strong foundation and troubleshooting experience of Network and Security threats, Linux and Windows operating systems and processes, network traffic analysis, web services, protocols and attack vectors
• Familiarity with at least one public Cloud platform (AWS, Azure, GCP) with understanding/working knowledge of IaaS, platforms and services (i.e. VPC, EC2, S3, RDS, GuardDuty, ECS, EKS etc.)
• Experience developing operations playbooks, IR run books, security orchestration and automated responses and processes within SOC
• Thorough understanding of the threat and attack landscape in networks and web applications, latest security trends, attack vectors, vulnerabilities, and how they are leveraged by malicious actors
• Security certifications like CISSP, CEH, OSCP, GSEC, GCFA, GCIH, GCIA, CHFI, AWS certification etc. are highly desired
• Excellent verbal and written communication skills and ability to document and explain technical details and incident reports clearly and concisely
• B.S. degree in Computer Science or related field or equivalent combination of professional development training and experience
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.