Security Operations Center - SPV - Mandarin Speaker

15~20K CNY per month

Full-time
1~3 years
Refreshed 3 months ago
Beijing
Job responsibilities
Job description

Team Leadership & SOC Operations
Core Responsibilities:
- Supervise a 24/7 SOC team monitoring data center infrastructure for security threats (e.g., DDoS, malware, unauthorized access).
- Assign tasks, conduct shift handovers, and ensure adherence to SLAs for incident response.
- Mentor SOC analysts in threat detection, analysis, and escalation procedures.

Incident Management
- Act as the primary escalation point for high-severity incidents (e.g., ransomware, data breaches).
- Lead forensic investigations and root-cause analysis for security events.
- Coordinate with IT, network teams, and external stakeholders (e.g., law enforcement, vendors) for containment/remediation.

Security Infrastructure Oversight
- Manage SIEM (e.g., Splunk, IBM QRadar), IDS/IPS, EDR/XDR, and firewall tools for the data center environment.
- Ensure regular updates/patches and optimize rule sets to reduce false positives.
- Oversee vulnerability scans and penetration tests; prioritize remediation with IT teams.

Process Improvement & Compliance
- Develop/update SOC playbooks, runbooks, and incident response plans.
- Align operations with standards (ISO 27001, NIST, PCI DSS) and regulatory requirements.
- Generate KPI/KRI reports (e.g., MTTR, threat trends) for management.

Threat Intelligence & Collaboration
- Monitor threat feeds (e.g., ISACs, CERTs) and integrate actionable intelligence into monitoring.
- Conduct red-team/tabletop exercises to test SOC readiness.

Stakeholder Communication
- Brief senior leadership on critical risks and post-incident reviews.
- Liaise with data center ops teams to enforce security policies (e.g., access controls, hardening).
Job Requirements
Qualifications & Skills:

Technical:
- 5+ years in SOC operations, preferably in data center/cloud environments.
- Expertise in SIEM, network protocols, OS (Linux/Windows), and cloud security (AWS/Azure/GCP).
- Certifications: CISSP, CISM, GIAC (GCIH/GCIA), or equivalent.

Leadership:
- Proven ability to manage teams under pressure.
- Strong communication for cross-departmental collaboration.

Mandarin speaker is mandatory.

Work Environment:
- On-call rotation for critical incidents.
- Hybrid role (remote/on-site) with focus on data center security.