The post in a nutshell:
The head of the SOC (Security Operations Center) plans and organizes the daily operations of the SOC in order to assess the level of vulnerability and detect suspicious or malicious activities. They set up the security incident detection service, validate the proper execution of security event supervision and management processes, and ensure complete and accurate reporting of key indicators. They define and steer the SOC’s service improvement plan.
Equivalent title: Head of the Security Operations Center, Head of the Cyber Defense Center, Head of the Security Incident Detection Service
- Plan and organize the daily operations of the SOC
- Provide operational support for security crisis management in the event of major security incidents
- Maintain relations with CERT (Computer Emergency Response Team) or CSIRT (Computer Security Incident Response Team) incident response teams, particularly in a crisis situation, to coordinate the various operational security teams
Prevention and detection strategy:
- Define the SOC strategy, ensure technical consistency, take into account regulatory requirements
- Define and implement SOC tools for event collection, access to security platforms, search for suspicious events, alert management, security incident monitoring workflows
- Inform the detection strategy with a global view of the nature and level of vulnerability of the information system (IS)
- Define detection use cases and integrate them into detection tools
- Define and implement notification and escalation processes
- Evaluate and validate the effectiveness of the tools deployed in the SOC and lead corrective action plans where necessary
- Create synergies with other security teams by sharing information on identified threats (internally and externally)
Our advice: this position is open to women and men. Motivation and the desire to learn are the fundamental qualities for the success of your project. Don’t put up barriers for yourself; you can do it.
- Operating system security
- Network security and protocols
- Cyberdefense: knowledge of crisis management
- Cyberdefense: practice of log analysis (systems or applications)
- Cyberdefense: practice of network flow analysis
- Cyberdefense: knowledge of event log correlation tools and methods (SIEM)
- Cyberdefense: knowledge of security monitoring solutions
- Cyberdefense: knowledge of attack and intrusion techniques
- Cyberdefense: knowledge of scripting environment vulnerabilities
- Team management
- Ability to work across the organization
- Ability to work in a team
- Ability to withstand pressure
- Ability to report findings and explain them in plain terms for non-technical audiences
- Ethical sense
Description of the profession in the ANSSI directory
The SOC manager must acquire a good understanding of the supervision needs for critical business activities in order to ensure the development of application and specific use cases (e.g. monitoring of industrial IS). In addition, the SOC manager must manage more and more security incidents and must therefore develop a good understanding of the threats facing their perimeter.
How to get into the job
Education: Bac +5, specialization in cybersecurity
Professional experience of at least 5 years within a SOC
Are you looking forward to long studies? Is your job goal to quickly lead multidisciplinary teams?
Or do you enjoy life on our campus so much that you want to stay forever?
The 5-year program is made for you.
Our Master program is adapted to professions with supervising responsibilities and addresses specific cybersecurity requirements. It allows you to deepen and refine your knowledge and skills in one of our 3 specialisations: Information Technology (IT), Industrial (OT) or Management of Cybersecurity Operations (SOC).
The complete career guide
Same field jobs
Our school provides training in 21 cybersecurity jobs, from technical to supervising positions, from IT operations to industrial systems security. Here is the list of jobs you will be trained for by attending one of our training programs.