Cyber Security – SOC Lead



Galp is recruiting a Cyber Security - SOC Lead

About: Galp is an energy company committed to develop efficient and sustainable solutions in its operations and in the integrated offers provided to its clients. They create simple, flexible, and competitive solutions for the energy and mobility needs of both industrial and individual consumers. Their portfolio includes multiple types of energy - from renewable electricity to natural gas and liquid fuels. They contribute to the economic development of the 10 countries in which they operate and to the social progress of their host communities. They are, therefore, leaders in their sector in the main sustainability indexes worldwide. They are 4 geographies, 49 nationalities and more than 6.000 experiences waiting to be shared. They are looking for people with strength, passion, determination, and vision to be part of their growth. Will you accept the challenge?


Mission: Passionate about Cybersecurity? Seeking new challenges? Do you have analytical thinking and a problem-solving mindset?

Galp is seeking a SOC Lead who combines in-depth technical knowledge with strong leadership skills, responsible for the oversight of Security Operations Center (L1 and L2), providing real-time, continuous cybersecurity monitoring and triage, uninterrupted event detection, incident analysis, and collaborate in the response under the CSIRT (L3) coordination.

You will Lead a Hybrid SOC, managing a combination of MSSP service for 24/7 (L1), dedicated external and internal Team members (L2), covering non-office hours through rotating on-call duty.

As a technical leader, you need management experience as well as technical expertise as this is a hands-on role responsible for activities including analysis, oversight and quality assurance of potential security incidents, definition and improvement of uses cases and playbooks, and continuous identification and increase of monitoring scope.


What you'll do:

  • Oversee the process of detecting, analyzing, and responding (L1/L2) to potential security incidents, ensuring that the SOC team is able to effectively handle incidents when they occur;
  • Lead and manage the MSSP L1 Services, responsible for security event monitoring;
  • Ensure that Service Level Agreements are defined, tracked and met;
  • Work hand-in-hand and in full alignment with the Head of CSIRT, responsible for L3, in topics such as use case and playbook development and improvement, response to incidents, regular purple team exercises and crisis simulations;
  • Revise Standard operation policies & procedures as required and ensure it is followed by the team;
  • Continuously identify opportunities to improve security monitoring and coverage (Onboarding systems and log sources);
  • Craft and use metrics to measure the performance of the service and drive improvements;
  • Provide technical leadership and advisory to junior team members on SOC activities;
  • Mentoring the team of Security Analysts to ensure they have the appropriate tools, training, and knowledge to be successful;

What you'll need:

  • Degree in Cybersecurity, IT Engineering, Computer Sciences or related technical discipline, or the equivalent combination of education, technical training, or work experience;
  • 6+ years of technical security experience, with 2+ years of experience leading a cyber incident response or security operations team within a large enterprise organization;
  • Proven experience in establishing and leading a SOC, with hands-on expertise;
  • Current professional certifications such as CISSP, CISM, CCSP, GCLD, GCIH, GSOC, GSOM, ECIH, or others are advantageous;
  • You have proven experience leading a team and driving processes;
  • Exceptional organizational skills are a must as well as the ability to motivate a team to success;
  • Great communication abilities (oral and written) for both technical and non-technical discussions;
  • Deep technical understanding of SIEM, SOAR, EDR, firewalls, network and email security tools with a variety of enterprise IT and cloud-based architectures and technologies;
  • Experience with monitoring, analysis, containment, and post incident for Cloud (AWS, Azure, GCP) and general cloud security concepts is a plus;
  • Solid grasp of common cyber frameworks and models such as the MITRE ATT&CK, D3FEND and Cyber Kill Chain;
  • Familiarity of the cyber threat landscape including threat actors, tactics, tools and procedures, and effective countermeasures;
  • Knowledge of common techniques used by malware and threat actors and industry standard léxicon;
  • Verbal / written Portuguese fluent - Mandatory
  • Verbal / written English fluent - Mandatory
  • Verbal / written Spanish - Preferential


Want to know more? Get in touch with us πŸ‘‡

I allow DAMIA GROUP to store and process my personal data. My information will be handled in accordance with DAMIA GROUP Privacy Policy*
Download 2024 Benchmark
× Reach out!