Sr SOC Architect
Harrisburg, PA/Hybrid (1 day/week)
Contract
JOB PURPOSE AND SUMMARY
The Sr Security Operations Center Architect is primarily responsible for designing, creating implementation roadmap, implementing, and optimizing PHEAA’s NextGen Security Operations Center infrastructure. The Sr. SOC Architect will work closely with cross-functional teams to ensure that our SOC capabilities align with industry best practices and effectively mitigate security risks. This position performs at a high level of complexity with a high level of proficiency under limited supervision.
• Develop and maintain a robust SOC architecture that supports threat detection, incident response, and threat hunting capabilities across a hybrid cloud environment.
• Evaluate and integrate security tools and platforms such as SIEM, EDR, SOAR, NDR, etc. to enhance SOC operations.
• Create and maintain incident response playbooks, standard operating procedures (SOPs), and runbooks for efficient SOC operations.
• Conduct SOC capability assessments and maturity analysis to identify gaps and areas for improvement.
• Establish and optimize monitoring strategies and use cases to improve threat detection and proactive monitoring.
• Develop strategic relationships with internal and external stakeholders, ensuring the SOCs alignment with broader security strategies.
• Provide guidance and technical mentorship to our SOC analysts and security engineers within the ESO.
• Ensure SOC compliance with internal and regulatory requirements by following all applicable NIST SP 800-53 families such as IR, AU, SI, AC, CA, etc. and contribute to audit readiness efforts.
• Stay current with emerging threats and trends, recommending changes to the SOC architecture and processes as needed.
• Prepare detailed emerging threat reports using threat feeds and share any findings with agency stakeholders.
• Assist with developing metrics and dashboards to report to senior management.
• Periodically performing scenario based retroactive threat hunting.
• Review alerts and findings from LogRhythm and cloud-based security tools such as AWS Security Hub, AWS Guard Duty, MS Defender for Endpoints, and Trend Micro Vision One.
• Continuous monitoring of existing information security solutions and security control effectiveness.
• Proactively identify threats and vulnerabilities, and collect, correlate, and analyze data to detect actual or potential unauthorized access to the agency’s networks and systems.
• Evaluate the type and severity of security events by making use of an in-depth understanding of exploits and vulnerabilities. Resolve issues by taking the appropriate corrective action or following the appropriate escalation procedures. Lead forensics investigations when required.
• Triage information security events, prioritize them accordingly, and escalate them as required.
• Analyze alerts and log events to identify potential security threats and initiate incident response procedures.
• Gather all relevant documentation and evidence related to incidents.
• Collaborate with various teams to identify technical controls to meet specific security requirements.
• Perform self-assessments of security controls to determine effectiveness, sufficiency, and gaps.