SBA - Cybersecurity Operations Technical Lead (SOC Engineer/SME)

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Assurance, Engineering, or related technical discipline. Additional relevant experience may substitute for degree requirements.
• Minimum of 10 years of progressive cybersecurity operations, SOC engineering, incident response, or cybersecurity analysis experience.
• Minimum of 5 years supporting or leading enterprise SOC operations in a federal environment.
• Demonstrated experience supporting 24x7x365 SOC operations, SIEM administration, incident response, and threat monitoring activities.
• Hands-on experience with SIEM, EDR, IDS/IPS, network security monitoring, threat intelligence, and log aggregation platforms.
• Experience conducting incident triage, malware analysis, threat hunting, digital forensics, and root cause analysis.
• Experience supporting cloud security operations across AWS, Azure, Microsoft 365, or hybrid enterprise environments.
• Strong understanding of federal cybersecurity frameworks including FISMA, NIST RMF, NIST SP 800-53 Rev. 5, NIST SP 800-61, CISA guidance, and Zero Trust principles.
• Experience developing cybersecurity operational metrics, dashboards, executive reporting, and operational documentation.
• Excellent analytical, communication, leadership, coordination, and problem-solving skills.

Nice To Haves

• Certified Information Systems Security Professional (CISSP)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Analyst (GCFA)
• Certified Information Security Manager (CISM)
• CompTIA CySA+
• Certified Ethical Hacker (CEH)
• Splunk Certified Architect or equivalent SIEM certification
• AWS or Microsoft Azure Security Certifications

Responsibilities

• Provide technical leadership and operational oversight for enterprise SOC operations supporting SBA cybersecurity missions.
• Serve as the senior SOC engineering and cybersecurity operations subject matter expert (SME) supporting 24x7x365 operations.
• Lead SOC operational activities including security monitoring, threat detection, event correlation, incident response, and cybersecurity investigations.
• Support execution of SOC Operations Management activities identified under RFQ Task Area 3.5.3.2.
• Coordinate and oversee Tier 1, Tier 2, and Tier 3 SOC operations and incident response activities.
• Manage and optimize SIEM, EDR, IDS/IPS, vulnerability management, log management, and cybersecurity monitoring platforms.
• Provide technical oversight for cyber threat hunting, threat intelligence integration, malware analysis, and digital forensics activities.
• Develop and maintain SOC operational procedures, incident response playbooks, escalation procedures, and operational workflows.
• Support implementation and execution of cybersecurity communications plans and operational reporting requirements.
• Perform advanced analysis of network traffic, system logs, security alerts, indicators of compromise (IOC), and attack patterns.
• Coordinate incident response activities with Federal leadership, system owners, legal, privacy, inspector general, and other mission stakeholders.
• Develop cybersecurity operational dashboards, metrics, reports, and performance indicators aligned with SLA requirements.
• Support SOC platform engineering, tuning, automation, orchestration, and continuous operational improvement initiatives.
• Provide technical guidance for cloud security monitoring across Azure, AWS, Microsoft 365, Dynamics, Salesforce, and hybrid environments.
• Lead cybersecurity operational readiness activities including continuity of operations (COOP), disaster recovery, and emergency response support.
• Ensure cybersecurity operations align with NIST SP 800-61, NIST SP 800-53, CISA guidance, FISMA requirements, and federal cybersecurity standards.
• Support vulnerability management activities including Tenable SC operations, zero-day vulnerability tracking, and remediation coordination.
• Develop executive briefings, incident summaries, trend analysis reports, and operational recommendations for Government leadership.
• Provide mentoring, technical direction, and operational support to SOC analysts, engineers, and incident responders.
• Participate in working groups, technical collaboration meetings, and cybersecurity improvement initiatives.