Senior SOC and Threat Intelligence Manager at Mimecast Services Limited in Lexington, MA



Title: Senior SOC and Threat Intelligence Manager

Job ID: 2019-4649
Type: Permanent Full Time
# of Openings: 1
Category: Information and Product Security
Lexington, Massachusetts


Mimecast is looking for a talented, experienced, enthusiastic and people-focussed Senior SOC and Threat Intelligence Manager to lead, manage and mentor Mimecast’s global SOC and Threat Intelligence (SOC/TI) teams. You will provide day-to-day management and strategic direction of these teams, ensuring that they remain a centre of excellence. This strategic, highly visible role reports directly to Mimecast’s CISO.

You will be responsible for building out an appropriately skilled 24x7x365 SOC team by defining and implementing the team’s structure, policies and processes. You will drive improvements in the capability, throughput and efficiency of the SOC by improving the SOC’s people, processes and technologies, making the SOC more effective in detecting, investigating, remediating and recovering from security incidents. You will align SOC/TI activities with the overarching security strategy and be able to communicate status updates and progress reports at the Executive and Board levels, backed up by meaningful metrics.

You will work with various internal and external SOC/TI-related stakeholders to make sure that Mimecast’s security posture is always being strengthened as we work to continually improve our security configurations, practices and processes. You will be responsible for controlling SOC/TI budgets and monitoring SOC/TI-related costs. You must have an extremely people-centric approach, be able to perform well under pressure and in adverse situations, and have demonstrated experience building, managing and growing a high-performance team.


  • Provide day-to-day management and strategic direction to the global SOC/TI teams
  • Build and maintain an appropriately skilled 24x7x365 SOC/TI team by defining and implementing the team’s structure, policies, processes, schedules and playbooks
  • Develop and implement training plans, perform personnel reviews and personnel development activities
  • Manage the team’s hiring and offboarding activities
  • Provide mentoring, procedural guidance, support and operational oversight for the SOC/TI team
  • Set and monitor KPIs and objectives for the SOC/TI and the members in the team
  • Monitor and evaluate the SOC/TI team’s output then implement plans to improve capability, throughput and efficiency of the team where necessary
  • Identify and remediate technology and process gaps in the SOC/TI team
  • Collaborate with the Security Engineering group to ensure SOC/TI technologies are stable, scalable and performant
  • Evaluate existing SOC/TI technology and processes to ensure they are continually operating in the most effective way to detect, investigate, remediate and recover from security incidents
  • Empower the SOC/TI team to run investigations into the root cause of security events by ensuring the team has the appropriate access to tools and resources
  • Build escalation paths and foster relationships with groups the SOC/TI will interact with
  • Work with various SOC/TI related stakeholders to make sure that Mimecast’s security posture is constantly being evaluated, refined and strengthened
  • Review and improve processes concerning the detection, investigation, remediation and reporting of security events through to the closure of security-related incidents
  • Maintain and enhance incident handling and response policies and processes
  • Drive the development and implementation of new methods for detecting attacks and malicious activities
  • Test the SOC’s ability to handle security incidents through table-top and simulated exercises
  • Conduct lessons learned sessions following live or simulated incidents to ensure continual improvements
  • Apply commonly used information security standards with respect to the technology and processes used in the SOC/TI
  • Produce and manage a SOC/TI budget appropriate to current and future needs of the team
  • Assist with Mimecast's certification program, including supporting ISO 27001, SOC 2 type II and FedRAMP activities
  • Drive SOC maturity improvements by benchmarking the SOC/TI functions against NIST CSF


  • 10+ years of security-relevant experience and 5+ years of SOC management experience, preferably managing global staff
  • Ability to align SOC/TI activities with the overarching security strategy
  • Ability to develop a SOC/TI metrics program in order to measure the strengths and weaknesses of our security program and track progress towards the agreed goal state
  • Equally comfortable shaping strategy and rolling up your sleeves to get things done
  • Ability to interface with technical teams to remediate threats and vulnerabilities detected by the SOC/TI team
  • Demonstrable experience with Event Detection tools (e.g. CrowdStrike, FireEye, Palo Alto, Sophos)
  • Demonstrable experience with IDS/IPS (e.g. TippingPoint, Sourcefire, Snort, Suricata)
  • Experience building and sustaining high-performance teams and coaching analysts in a way that helps them maximize performance and potential
  • Experience developing and maintaining SOC/TI processes and playbooks
  • Understanding of relevant security frameworks (e.g., ISO 27001, CIS CSC, NIST, SOC 2, FedRAMP, HIPAA, PCI DSS, etc.)
  • Experience in security event analysis and triage, incident handling, root-cause identification and lessons-learned activities
  • Speciality in two or more of the following Information Security domains:
    • Cyber Intelligence Analysis, Threat Monitoring, Incident Response, Machine Learning and Artificial Intelligence, Malware Analysis, Computer Forensics, Endpoint Protection, Network Security, Infrastructure Security, Application Security, Platform Security, Identity and Access Management, Security Education and Awareness, Vulnerability Scanning and Management and Compliance and Risk Management
  • Experience in defining and leading Blue Team vs. Red Team engagements in order to test the effectiveness of the SOC/TI and implement improvements
  • Experience in delivering table-top exercises and simulated testing of processes, procedures and technology
  • Able to interpret and prioritize the results of vulnerability scans
  • Ability to communicate cybersecurity risks to Executives and identify what’s required to reduce unmitigated risks
  • Exceptional communication skills along with a team orientation


  • Experience with managing outsourced, in-house and hybrid SOC units
  • Ability to write and understand scripts in languages such as Python, Ruby, Bash, etc.
  • Ability to analyse logs to identify technical risks, reducing or eliminating the number of false positives
  • Demonstrable experience with an enterprise-grade SIEM platform (e.g., LogRhythm, Elastic, Splunk, AlienVault, ArcSight, QRadar etc.)
  • Experience with ‘big-data’ platforms such as Hadoop, HDFS, Apache Spark, etc.
  • Security-related certifications, for example CISSP, GCIH, CEH, OSCP
  • Bachelor’s degree in Computing, Information Technology, Engineering or a related field, with a strong security component.


We offer a highly competitive rewards and benefits package including private healthcare, pension, life cover, child care vouchers and an annual gym subsidy. Mimecast is an entrepreneurial, high-growth company which will provide the right candidate with a wealth of career development opportunities. All Mimecasters strive to be high performers, problem solvers and team players with passion, integrity and effectiveness. We strive to attract exceptional people who have ‘that extra something’ and really enjoy what they do. Are you ready to jump on board with us?
