Incident Detection/Response Manager (SOC Manager)

ECS Tech IncWork from home, Virginia
$140,000 - $160,000Remote

About The Position

Everforth ECS is seeking an Incident Detection/Response Manager (SOC Manager) who lives in close proximity to the National Capital Region (NCR) to join a premier, enterprise-scale cybersecurity program supporting a major federal civilian agency. This flagship initiative unifies 24x7x365 Security Operations (SOC), proactive threat hunting, and advanced Security Engineering and Architecture into a cohesive defensive mission. As a key leader on this program, you will drive the protection of highly sensitive, national-level financial, and personally identifiable information (PII). You will be at the forefront of modernizing the agency's cyber posture, implementing advanced automation, and ensuring continuous operational resilience across a massive, highly complex federal IT enterprise. As the Incident Detection/Response Manager, you will serve as the operational commander of a high-performing, around-the-clock Security Operations Center supporting a major federal civilian agency. You will direct Tier I, II, and III incident response operations, ensuring rapid detection, containment, and recovery across a large-scale federal IT enterprise. Working closely with threat hunting teams, security engineers, agency stakeholders, and external service providers, you will lead the SOC's day-to-day operations while driving continuous improvement in detection capabilities, response procedures, and overall security posture. When incidents occur, you become the incident commander, orchestrating response from the moment a threat is detected through containment, eradication, and recovery.

Requirements

  • U.S. Citizenship required.
  • 8+ years of IT experience, with 4+ years of dedicated incident response and SOC operations experience.
  • Remote but within close proximity to the NCR.
  • Active Public Trust 6c clearance, or the ability to obtain and maintain one.
  • At least one of the following certifications: GCIH, GCFA, GREM, or equivalent.
  • Hands-on experience with SIEM, SOAR, EDR, CDM, and malware analysis tools and platforms.
  • Strong experience with operating systems and networking fundamentals, including log analysis, traffic analysis, and endpoint forensics.
  • Experience with AWS native services and tools in a federal or enterprise cloud environment.
  • Demonstrated experience managing a SOC overseeing complex, large-scale federal or enterprise IT systems.
  • Strong command of incident response frameworks including NIST SP 800-61, SANS PICERL, and MITRE ATT&CK.
  • Practical malware analysis fundamentals, including static analysis, sandboxing, and Indicator of Compromise (IoC) extraction.
  • Experience with SOAR platforms to automate repetitive elements of incident response and improve analyst efficiency.
  • Proven ability to translate complex technical findings into clear, actionable language for both technical and executive audiences.
  • Strong written and verbal communication skills, with a track record of producing high-quality federal security documentation.

Responsibilities

  • Manage SOC daily activities, including building and maintaining shift schedules and ensuring all documentation, including SOPs, Playbooks, and CONOPS, are current.
  • Manage Tier I, II, and III incident response operations across the federal enterprise, ensuring consistent, high-quality response at every level.
  • Coordinate containment, eradication, and recovery activities during active security incidents, serving as the primary incident commander and coordinating between the SOC team, IT operations, and relevant stakeholders.
  • Lead post-incident reviews and root cause analysis to identify lessons learned and drive continuous improvement in SOC processes and detection capabilities.
  • Ensure compliance with NIST SP 800-61 and federal incident response standard operating procedures across all SOC operations.
  • Manage SIEM event "notables" dashboards, ensuring timely triage, escalation, and resolution of security alerts.
  • Maintain the SOC coverage schedule per shift to ensure 24x7x365 operational readiness.
  • Maintain the call tree, including current contact information for all partner organizations and Cloud Service Providers (CSPs).
  • Apply MITRE ATT&CK framework to map attacker tactics, techniques, and procedures (TTPs) during investigations and incident response activities.
  • Encourage team collaboration by fostering a positive team culture, managing workloads effectively, and supporting professional development.
  • Collaborate with threat hunting, CTI, engineering, and architecture teams to ensure SOC operations are informed by the latest threat intelligence and detection capabilities.
  • Present incident findings, risk recommendations, and SOC performance metrics to both technical teams and senior government officials in a clear, actionable format.
  • Support the development and continuous improvement of a comprehensive enterprise information security program grounded in the latest laws, regulations, and industry best practices.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service