ENTERPRISE SECURITY OPERATIONS CENTER (ESOC) ANALYST MANAGER 2

Huntington Ingalls
Newport News, VA
Hybrid

About The Position

The eSOC Analyst Manager leads and matures the company’s enterprise-wide Security Operations Center (SOC), providing centralized monitoring, detection, and incident response across the enterprise and its three divisional networks — including one that contains U-NNPI data regulated under NAVSEA 08 controls. The position oversees cybersecurity operations for on-premises and hybrid cloud environments (including O365, Azure, and AWS) and ensures continuous (24x7x365) coverage and protection of corporate and U.S. Government information. This role requires balancing technical depth, operational leadership, and compliance rigor under DFARS 252.204-7012, CMMC 2.0, and NIST SP 800-171/800-53 frameworks. The eSOC Analyst Manager will direct day-to-day security operations, coordinate enterprise incident response, manage SOC personnel and contractors, and continuously evolve monitoring capabilities using automation, threat intelligence, and Zero Trust-aligned practices. The position reports to the SOC Manager and partners with the Cybersecurity Support Group (CSG) manager.

Requirements

  • Bachelor's Degree and 6 years of progressive technical experience in research, engineering and design; Master’s Degree and 4 years of relevant experience
  • One of the following may be used as an equivalent to Bachelor's Degree for Information Technology Related Positions Only: NNS Apprentice School graduate, Navy Nuclear Power School (NNPS) graduate, Associate's Degree or other formal 2 year program and 2 years of relevant exempt experience or 4 years of relevant non-exempt experience, Military Paygrade E-5 or above military experience, High School/GED and 4 years combined of Manufacturing, Shipbuilding, Trades, Military experience or other relevant exempt experience, High School/GED and 8 years combined of Manufacturing, Shipbuilding, Trades, Military experience or other relevant non-exempt experience
  • A relevant professional certification can be substituted for a Bachelor's Degree.

Nice To Haves

  • Bachelor’s degree in Computer Science, Information Assurance, or Cybersecurity (Master’s preferred).
  • Certifications such as CISSP, CISM, GCIA, GCIH, GCED, or equivalent.
  • Experience supporting multiple divisions or business units in a defense industrial base environment.
  • Knowledge of U-NNPI handling and related NAVSEA 08 guidance.
  • Familiarity with cloud-native security monitoring and global IR coordination.
  • 6+ years of progressive experience in cybersecurity, with at least 2 years managing SOC or incident response operations.
  • Demonstrated success leading 24x7 operational teams and managing incident lifecycle activities.
  • Strong knowledge of SIEM, SOAR, EDR/XDR, network IDS/IPS, DLP, and forensic tools.
  • Proven experience operating under DFARS 252.204-7012, CMMC 2.0, NIST 800-171, and NIST 800-53 requirements.
  • Ability to translate technical issues into business and risk-based terms for executives.

Responsibilities

  • Lead the eSOC’s 24x7x365 analysts, shift leads, and threat intelligence efforts in investigations.
  • Maintain monitoring and response coverage for enterprise, divisional, and cloud networks.
  • Coordinate enterprise-level incident response (IR) activities, ensuring consistent escalation, containment, and recovery across business units.
  • Conduct post-incident reviews and after-action reporting to identify process, technology, or communication improvements.
  • Maintain and refine SOC standard operating procedures (SOPs), playbooks, and communication protocols.
  • Ensure SOC operations comply with DFARS 252.204-7012, CMMC 2.0, NIST 800-171, and relevant DoD contractual cybersecurity clauses.
  • Oversee monitoring and response capabilities for networks that process Controlled Unclassified Information (CUI) and Unclassified Naval Nuclear Propulsion Information (U-NNPI) data.
  • Maintain evidence, logs, and incident documentation suitable for DoD assessments and C3PAO reviews.
  • Coordinate with compliance teams to ensure the SOC’s technology stack and workflows meet evolving regulatory requirements.
  • Execute the eSOC framework as set forth by the eSOC Manager.
  • Manage Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), including mean time to detect (MTTD), mean time to respond (MTTR), dwell time, and false positive ratios.
  • Drive automation and orchestration initiatives through SOAR and other technologies to optimize analyst efficiency.
  • Collaborate with CSG to enhance and tune SIEM, EDR/XDR, UEBA, and DLP solutions.
  • Oversee detection content creation, correlation rules, and log source integration across cloud and on-premises systems.
  • Integrate threat intelligence (CTI) feeds and indicators into SOC workflows.
  • Map threats and adversary techniques using the MITRE ATT&CK framework.
  • Partner with internal and external entities (e.g., DIB ISAC, government reporting channels, vendors) for timely intelligence sharing.
  • Track emerging threats relevant to defense contractors and provide actionable insights to leadership.
  • Coordinate hunting efforts and ensure due diligence of investigative efforts.

Benefits

  • medical
  • prescription drug
  • dental and vision plan choices
  • on-site health centers
  • tele-medicine
  • wellness resources
  • employee assistance programs
  • savings plan options (401K)
  • financial education and planning tools
  • life insurance
  • tuition reimbursement
  • employee discounts
  • early childhood and post-secondary education scholarships