Senior SME

About ColorTokens

ColorTokens specializes in advanced security solutions designed to safeguard organizations assets and critical systems from cyber threats. Our flagship product Xshield Enterprise Microsegmentation platform empowers organizations to prevent initial compromises from escalating into damaging crises. By emphasizing proactive security measures ColorTokens ensures comprehensive protection for critical workloads and data enabling organizations to stay breach ready.

With a clientele spanning some of the worlds largest organizations including prominent cancer research centers cities and national defense departments ColorTokens serves industries handling sensitive information and subject to stringent regulatory requirements.

ColorTokens cloud-delivered platform streamlines onboarding efforts and reduces maintenance costs for organizations. Providing pervasive protection their platform covers data center servers legacy systems cloud workloads containers and operational technology (OT) and Internet of Things (IoT) devices.

The companys recognition as a Strong Performer in the Forrester New Wave: Microsegmentation report solidifies ColorTokens reputation as a trusted provider of microsegmentation solutions for organizations seeking to enhance their security posture.

Our culture

We foster an environment that values customer focus innovation collaboration mutual respect and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously.

Self-starters and high-motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of worlds impactful organizations be it a childrens hospital or a city or the defense department of an entire country.

Position Overview

Colortokens is seeking a highly skilled and experiencedSenior SOC Subject Matter Expert (SME)to lead and enhance our Security Operations Center (SOC). The ideal candidate will bring deep technical expertise in security operations threat detection incident response and SOC processes. This role requires strong leadership skills technical acumen and the ability to design and implement advanced security strategies to protect organizational assets.

Key Responsibilities

SOC Operations Leadership:

• Serve as the technical authority for the SOC team providing guidance and expertise in threat monitoring detection and response.
• Oversee the design implementation and optimization of SOC processes workflows and playbooks.
• Ensure 24/7 operational readiness minimizing downtime and incident response times.

Threat Detection and Incident Response:

• Lead investigations into complex security incidents and provide actionable recommendations to mitigate risks.
• Develop and maintain custom detection rules use cases and correlation logic in SIEM platforms.
• Oversee forensic analysis and root-cause investigations for major incidents.

Tool and Technology Management:

• Evaluate implement and optimize SOC tools and technologies including SIEM SOAR EDR and NDR solutions.
• Collaborate with IT and security teams to ensure seamless integration of tools across the environment.
• Identify gaps in coverage and recommend solutions to improve threat visibility.

Team Development and Mentorship:

• Train and mentor SOC analysts and engineers enhancing their technical and operational capabilities.
• Lead tabletop exercises and red/blue team simulations to improve team readiness and response.
• Foster a culture of continuous improvement and learning within the SOC.

Strategic Contributions:

• Collaborate with leadership to define SOC goals metrics and key performance indicators (KPIs).
• Stay updated on the latest security trends tools and threats to ensure the SOC remains proactive and adaptive.
• Drive compliance with relevant standards and frameworks (e.g. NIST ISO 27001 PCI DSS).

Customer and Stakeholder Engagement:

• Act as a liaison with customers and stakeholders providing expert insights on SOC operations and incident management.
• Develop and present detailed reports and executive summaries on SOC performance incidents and strategic initiatives.

Required Skills and Experience

Technical Expertise:

• 15 years of experience in cybersecurity with a focus on SOC operations and threat detection.
• Advanced knowledge of SIEM platforms (e.g. Splunk QRadar Sentinel) and security tools (e.g. CrowdStrike Palo Alto Cortex).
• Expertise in scripting and automation using Python PowerShell or similar tools.

Certifications:

• Relevant certifications such as CISSP CISM GIAC (GCIA GCIH) or equivalent.
• Additional certifications in SOC operations or SIEM platforms are highly desirable.

Analytical and Problem-Solving Skills:

• Proven ability to analyze complex incidents and provide comprehensive remediation strategies.
• Strong understanding of the MITRE ATT&CK framework threat intelligence and threat hunting.

Soft Skills:

• Excellent communication and leadership skills.
• Ability to work under pressure and prioritize tasks in a dynamic environment.

Preferred Qualifications

• Experience with SOAR platforms and automation workflows.
• Familiarity with compliance requirements like GDPR HIPAA and PCI DSS.
• Knowledge of cloud security and hybrid environments (e.g. AWS Azure Google Cloud).