The job below is no longer available.

Hours Full-time, Part-time
Location Baltimore, Maryland

About this job

The Security Operations Center (SOC) Lead supports the cyber event detection, triage, and response program. This role leads and further develops a team of analysts responsible for 24x7x365 monitoring of threats, as well as the tools and processes that support the core mission of defending the organization against cyber-threats. The SOC Lead reports to the Associate Director of Cybersecurity Operations and collaborates closely with the other cybersecurity teams and business stakeholders to empower the business and continuously enhance the security posture of the organization.

This is a HYBRID role. You should be willing to be in our beautiful downtown Baltimore office at least twice a week to collaborate with the OneMain SOC Team.

Responsibilities

  • Lead the daily operations and effectiveness of the SOC.

  • Benchmark and implement industry best practices to detect and mitigate potential threats.

  • Participate in the development and tracking of key performance indicators (KPIs) related to SOC operations, to benchmark and further enhance capabilities.

  • Lead SOC analysts during cyber event response actions, and advise and coordinate with leadership when applicable.

  • Participate in internal assessments and tabletop exercises, and other activities that contribute to operational readiness.

  • Ensure platforms and processes are in compliance with all corporate and regulatory standards and requirements.

  • Collaborate with management in developing technical direction, as well as assessing reasonable objectives and timelines.

  • Manage and enhance the tools, tactics, and techniques used within the SOC. Lead in the assessment, architecture and implementation of security technologies.

  • Provide teaching/mentoring to SOC Tier 1 and 2 analysts.

  • Define protocols and mature playbooks for operational response to cyber threats.

  • Lead the SOC team in a fast-paced environment, while exercising composure, professionalism, and teamwork during cyber events. Support and oversee cyber event response activities as the most senior escalation point on the SOC team. Exercise discretion and confidentiality on a need-to-know basis when performing investigations.

  • Perform special projects and other duties as assigned

Qualifications

The SOC Lead position requires strong technical knowledge and experience with security monitoring tools and incident management situations. In addition to technical expertise, a combination of excellent communication and people management skills is required. A successful candidate will be able to coordinate team members in evaluating security events or high-risk situations within an environment to provide clear, concise recommendations and feedback to security leadership.

Desired Skills and Experience

  • Minimum five (5) years of experience in IT Security or Information Technology

  • Minimum three (3) years of experience working in a Security Operations Center in an enterprise environment

  • Bachelor’s degree in Information Technology or equivalent experience. Master’s degree a plus.

  • Achieved one or more relevant security certifications (CISSP, GCIA, GCIH, GMON, etc.)

  • Ability to communicate effectively with all levels of staff, management, and clients both orally and in writing

  • Strong leadership, problem solving and critical thinking skills. Ability to prioritize and execute autonomously.

  • Ability to collaborate across the organization and operate effectively with multiple teams and solutions towards a shared goal

  • Demonstrated ability to identify automation/orchestration opportunities and develop a plan to implement automation

  • In-depth understanding of latest security principles and protocols

  • Strong understanding of security operations technologies

  • Knowledge of emerging technologies and tactics used within a SOC, and how they are applied to improve efficiency and effectiveness

  • Experience with Windows operating systems, as well as network and network security technologies including IPS, proxy, and firewall

  • Understanding of tactics, techniques and procedures associated with cyber threats and the ability to develop relevant alerting, countermeasures, and threat hunting techniques.

Who We Are

OneMain Financial (NYSE: OMF) is the leader in offering nonprime customers responsible access to credit and is dedicated to improving the financial well-being of hardworking Americans. Since 1912, we’ve looked beyond credit scores to help people get the money they need today and reach their goals for tomorrow. Our growing suite of personal loans, credit cards and other products help people borrow better and work toward a brighter future.

Driven collaborators and innovators, our team thrives on transformative digital thinking, customer-first energy and flexible work arrangements that grow lives, careers and our company. At every level, we’re committed to an inclusive culture, career development and impacting the communities where we live and work. Getting people to a better place has made us a better company for over a century. There’s never been a better time to shine with OneMain.

Because team members at their best means OneMain at our best, we provide opportunities and benefits that make their health and careers a priority. That’s why we’ve packed our comprehensive benefits package for full- and some part-timers with: 

  • Health and wellbeing options for team members and their dependents

  • Up to 4% matching 401(k)

  • Employee Stock Purchase Plan (10% share discount)

  • Tuition reimbursement

  • Continuing education

  • Bonus eligible

  • Paid time off (15 days’ vacation per year, plus 2 personal days, prorated based on start date)

  • Paid holidays (7 days per year, based on start date)

  • Paid volunteer time (3 days per year, prorated based on start date)

  • And more
