Director, Security Operations

ECS Tech Inc

12h•$180,000 - $230,000•Remote

About The Position

ECS is seeking a Director, Security Operations to work remotely. Please Note: This position is contingent upon contract award. At ECS Federal, we're driven by a commitment to excellence and innovation in solving complex challenges. As a premier provider of advanced technology solutions and services, our mission is to secure and optimize the most critical commercial, government, defense, and intelligence projects across the country. Our team is composed of dynamic professionals who thrive in a collaborative and empowering environment, where our team members leverage the latest technologies and insights to make a real-world impact. Join us and be part of a forward-thinking organization that values your expertise and supports your professional growth. We are seeking a Director of Security Operations Center (SOC) to lead and mature our Enterprise Security Operations Center responsible for protecting the organization’s digital assets, infrastructure, and data. This leader will oversee the SOC analysts and security engineering teams, driving operational excellence across threat detection, investigation, response, and security platform engineering. Reporting directly to the Senior Director of Operations, the Director will be responsible for building a high-performing team, optimizing SOC processes, and ensuring the organization maintains strong visibility into threats across the enterprise environment. The role requires a strategic and operational leader who can translate evolving threat intelligence and security technologies into effective defensive capabilities while maintaining close collaboration with enterprise technology, risk, and executive leadership.

Requirements

Experience: Minimum of 15 years of progressive experience in cybersecurity, with substantial experience leading security operations or security engineering functions.
Director-Level Leadership Experience: Proven experience serving as a Director or equivalent senior leadership role overseeing cybersecurity teams and security operations programs.
Security Operations Expertise: Deep understanding of SOC operations including threat detection, investigation, incident response, and operational security monitoring.
Security Technology Expertise: Hands-on familiarity with enterprise security technologies such as SIEM, EDR, vulnerability management platforms, network security controls, and cloud security monitoring tools.
Incident Response Leadership: Demonstrated experience leading complex security incident investigations and coordinating response efforts across technical and executive stakeholders.
Team Leadership and Development: Proven ability to recruit, develop, and manage high-performing cybersecurity teams in a fast-paced operational environment.
Strategic Security Program Management: Experience building and improving security operations programs, including process development, capability maturity, and operational metrics.
Enterprise Security Knowledge: Strong understanding of modern enterprise IT environments including cloud platforms, endpoint ecosystems, identity systems, and network infrastructure.
Compliance and Security Framework Alignment: Strong understanding of cybersecurity compliance requirements and the ability to map SOC operations, security technologies, and monitoring capabilities to established frameworks such as NIST CSF, NIST 800-53, ISO 27001, FedRAMP, or similar regulatory and governance standards.
Communication and Executive Engagement: Ability to clearly communicate complex cybersecurity risks, incidents, and operational metrics to senior leadership and non-technical stakeholders.

Responsibilities

Lead Enterprise SOC Operations: Direct the day-to-day operations of the Security Operations Center, ensuring effective monitoring, detection, investigation, and response to security events across the enterprise environment.
Manage SOC and Security Engineering Teams: Lead and develop high-performing SOC analysts and security engineers, establishing clear objectives, operational standards, and professional development pathways.
Oversee Security Incident Response: Serve as the operational leader during major security incidents, coordinating investigation, containment, eradication, and recovery activities while ensuring timely communication with executive leadership.
Drive Detection and Monitoring Strategy: Ensure the continuous improvement of detection capabilities across SIEM, EDR, and other security platforms through collaboration with our MSSP.
Operationalize Security Technologies: Oversee the engineering, configuration, and optimization of core security platforms including SIEM, endpoint detection and response, vulnerability management, and data protection technologies.
Establish SOC Metrics and Reporting: Define and track key SOC performance metrics such as MTTD, MTTR, alert fidelity, and detection coverage, delivering regular operational reporting to senior leadership.
Develop and Maintain SOC Processes and Playbooks: Ensure the SOC operates under well-defined procedures, playbooks, and escalation processes aligned with enterprise security policies and industry best practices.
Strengthen Cross-Functional Collaboration: Partner with IT, infrastructure, risk, and compliance teams to ensure security monitoring and response capabilities are integrated across enterprise systems and platforms.
Drive Continuous Improvement and Innovation: Identify opportunities to enhance SOC capabilities through automation, advanced analytics, threat-informed defense strategies, and emerging security technologies.
Support Enterprise Security Strategy: Contribute to the broader cybersecurity program by aligning SOC capabilities with organizational risk priorities, regulatory requirements, and long-term security strategy.