
Technical Lead, Security Operations Center

Franchise World Headquarters, LLC
tuition reimbursement, 401(k)
United States, Connecticut, Shelton
Aug 21, 2025

We are Subway Headquarters! A dedicated team of professionals supporting thousands of franchisees around the globe.

Region: Shelton, CT


Ready for a fresh, new career? Look no further because one of the world's most iconic brands can help you get there.


Why Join Us?


At Subway, "better" is baked into our DNA. We are a brand that believes in continued improvement ... in our lives, our businesses, and our planet. From the handshake that started our very first sandwich shop to earning our position as one of the world's leading restaurant brands, we've always embraced change and the path ahead. And today, we're making better living way easier.


Our purpose is about more than the food we serve in our restaurants. It's centered on fueling healthy businesses and healthier lives. It is one of the most exciting times to join the Subway team and contribute to our transformational journey.


About the Role:


We have an exciting opportunity to support our Information Security team as a Technical Lead, Security Operations Center (SOC) based in Shelton, CT. The SOC Lead will optimize the Security Operations stack and lead a team of SOC Analysts and Engineers. This role requires a focus on outcomes through tactical and strategic efforts to manage processes, reduce analyst fatigue, integrate and automate processes to foster a frictionless SOC.


Security Operations team members will look to the SOC Lead for coaching and mentorship, to develop and promote continuous learning and resilience. Additionally, the SOC Lead will work in concert with Security Architecture, with continuous cross-collaboration of initiatives, incident response, and quality assurance for various controls and tooling.


The ideal candidate is capable of building a culture of security awareness and accountability through training, testing and communication. An ability to develop strategic relationships and navigate complex cybersecurity discussions with non-technical audiences is a key skill.


If you feel that this is the role for you, and you are successful with your application, be ready to be Bold, Empowered, Accountable, and ready to have Fun in a fast-paced and agile working environment.



Responsibilities include but are not limited to:



  • Leading triage and commanding incident response situations in partnership with Infrastructure and Technology teams.
  • Developing and improving playbooks and SOPs with a bias for proactive SOC, and integrating cybersecurity threat intelligence and adversary TTPs sources.
  • Developing and managing security awareness training programs, personnel skill testing and phishing simulations.
  • Developing and improving operational metrics, as well as articulating verbal or written narratives represented by them.
  • Utilizing curated strategies and industry frameworks such as MITRE ATT&CK and Cyber Kill Chain to identify defense gaps.
  • Developing security automation and orchestration workflows with an ability to improve time to response, while maintaining consistency and safety.
  • Takes 100% responsibility for projects, coordinating efforts across teams to achieve a common goal.
  • Proactively identifies problems/risks for all domains in a project and communicates these issues early to help course-correct.
  • Expert ability to estimate the level of effort necessary to complete a project.
  • Collaborates across multiple domains on a project level.
  • Ability to use negotiation and persuasion to build consensus and gain cooperation.
  • Holds the team accountable to best practices for engineering standards and deployment practices.
  • Ability to participate in an on-call rotation to provide after-hours support as needed.



Qualifications (some examples listed below):



  • Bachelor's degree in Computer Science or Systems Engineering or equivalent skillsets from work experience.
  • 5-7+ years of experience as a Security Analyst or similar role.
  • 1+ years of experience in a lead Security role.
  • Administered security training platforms such as KnowBe4, Proofpoint and Cofense.
  • Managed Microsoft 365 services such as Defender, MCAS and Purview.
  • Strong communication skills, detail oriented.
  • Operated IDaaS services such as Okta, Auth0 and Ping Identity.
  • Operated Web and API security platforms such as Akamai, Cloudflare and Imperva.
  • Monitored Layer-7 firewalls such as Palo Alto, Checkpoint and SonicWall.
  • Monitored network activity from services such as Azure, AWS, Juniper Mist, CrowdStrike, Guardicore and Illumio.
  • Expertise in utilizing EDR/XDR (CrowdStrike, Microsoft and Palo Alto) technologies to detect, prevent and respond to cybersecurity threats.
  • Expertise in utilizing SIEM and data analytics techniques for effective and efficient threat hunting and detection engineering.
  • Expertise in analyzing network flows and firewall events in complex corporate networks.
  • Expertise in analyzing web proxy and NGFW/Layer-7 events in complex corporate environments.
  • Expertise in analyzing IAM and authentication/authorization events across systems such as on-premises Active Directory, Azure AD / Entra ID and Okta.
  • Highly adept in web application and API events and operations in a security.
  • Adept in analyzing systems behavior in Azure and AWS cloud environments.
  • Familiarity with DevOps and CI/CD systems and processes.



What do we Offer?




  • Insurance Plans (Medical/Life)
  • 401K
  • Competitive Bonus
  • Mobility Allowance
  • Tuition Reimbursement
  • Company Holidays
  • Volunteering time
  • And Many More.....




Actual pay is determined based on a number of job-related factors including skills, education, training, credentials, qualifications, scope and complexity of role responsibilities, geographic location, performance, and working conditions.

The Company is only considering applicants who are currently authorized to work in the country the position is based. AA/EOE/D/V
