Information Security SOC Manager - Sugar Land or Lubbock

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related discipline; or the equivalent of combined education and relevant work experience. Advanced degrees in cybersecurity can substitute work experience on a year-for-year basis. Professional certifications through ISC(2), ISACA, GIAC, OffSec are preferred.
• Management, operational planning processes, decision-making policies and procedures, skill development principles and practices.
• Adversarial tactics, cyber-attack and exploitation tools and techniques (including network exploitation), data exfiltration methods, and insider attack patterns to effectively anticipate, detect, and counter malicious activities.
• Analytical, data analysis, and information searching tools and techniques, along with working proficiency in security information and event management (SIEM) and event correlation methods to accurately detect, analyze, and respond to security incidents.
• Threat modeling tools and techniques, including MITRE ATT&K and the Cyber Kill Chain, to identify gaps in safeguards.
• Cybersecurity principles and practices—including data integrity, operations security (OPSEC), network security, access control, data encryption, adversarial tactics, threat remediation, and the principle of defense-in-depth.
• Threat intelligence requirement analysis, collections planning, and maintenance principles and practices used to derive actionable security insights.
• Cybersecurity threats, vulnerabilities, and threat characteristics—including system and network attack vectors, malware, filename extension abuse, and web application security risks.
• Research methods, including OSINT, penetration testing, and vulnerability assessment used to identify and analyze potential security exposures.
• Cloud service models, web security principles and practices, and network communications and computer networking principles, including network addressing, configurations, digital communication systems, and associated protocols and endpoints, to ensure secure network environments.
• Client/server architecture, operating systems and software, encryption algorithms (including their capabilities and applications), and authentication/authorization tools and techniques.
• Minimum of 3 years of experience in security operations, cyber defense, offensive security, or incident management roles, with a proven focus on designing and implementing detection and mitigation processes to counter cybersecurity threats effectively.
• Experience with managing or supervising small, focused teams.
• Proven working knowledge of enterprise-level security technologies—including SIEM, UAM (User Activity Monitoring) platforms, IPS/IDS, EDR/XDR, NGFW, and related tools—with the ability to evaluate, enhance, and expand their use to support effective incident detection, investigation, and response.
• Practical experience with common cybersecurity frameworks such as NIST CSF, MITRE ATT&CK, Cyber Kill Chain, SANS Incident Response, NIST SP800-61, etc.
• Demonstrated ability to successfully execute initiatives in complex and highly regulated environments.
• Navigating a fast-paced, highly regulated environments by applying critical thinking, establishing priorities, and tailoring complex information for diverse audiences.
• Effectively communicating, collaborating, and building strong relationships with internal and external stakeholders to achieve organizational objectives.
• Anticipating threats, leading incident response processes, and recognizing behavioral patterns to detect and mitigate potential security risks.
• Competencies in mitigating cognitive biases, extrapolating from incomplete data sets, and performing comprehensive data analyses to derive actionable insights.
• Managing a workforce and coordinating cybersecurity operations across an organization, and assessing effects generated during and after cyber operations.
• Forecasting requirements and assessing partner and internal operations capabilities.
• Integrating organization objectives, and creating, implementing, and monitoring processes and procedures.
• Determining information requirements, developing intelligence collection strategies, evaluating the feasibility and utility of intelligence collection sources, and developing, creating, and maintaining intelligence collection plans.
• Conducting requirements, capability, data structure, and trend analysis; developing analytics; and performing risk, security, cyber readiness, and impact assessments. Experienced in evaluating data source quality and preparing briefings and readiness reports.
• Collecting and performing network traffic and packet-level analysis to identify network threats, protect against malware, and conduct intrusion data analysis.
• Gathering and querying data from diverse sources—including open-source and metadata extraction—correlating information across multiple tools and conducting thorough research.
• Developing and analyzing large data sets to develop unique threat detections and security insights.
• Recognizing and categorizing vulnerabilities, identifying malware threats, and effectively containing malware to protect systems and data.
• Detecting host- and network-based intrusions, identifying insider threats, recognizing recurring threat incidents, uncovering filename extension abuse, spotting anomalous activity, and interpreting digital forensics data to maintain a robust security posture. Management, operational planning processes, decision-making policies and procedures, skill development principles and practices.

Nice To Haves

• Banking or financial services industry experience is a plus.
• Familiarity with: Malware analysis principles, to identify, investigate, and mitigate malicious software threats

Responsibilities

• Lead the SOC team in effectively identifying, classifying, and escalating cybersecurity incidents. Oversee the full lifecycle management of low-impact incidents, ensuring timely containment and resolution. Serve as the Incident Response Team (IRT) Lead, providing operational direction, coordination, and oversight during incident response efforts, under the strategic guidance of the CISO.
• Provide leadership and direction to the SOC team to ensure adherence to established security policies, procedures, and operational standards. Monitor and enforce quality assurance practices to support the timely detection, analysis, and mitigation of security threats.
• Integrate leadership priorities into security operations by managing and developing SOC staff and resources to support cybersecurity objectives in alignment with organizational goals and regulatory requirements.
• Maintain clear and effective communication with internal stakeholders across the organization, while actively engaging with industry partners and other external entities as needed to support collaboration, threat intelligence sharing, and coordinated incident response efforts.
• Provide leadership and direction to the SOC team to ensure adherence to established security policies, procedures, and operational standards. Monitor and enforce quality assurance practices to support the timely detection, analysis, and mitigation of security threats.
• Establish key performance indicators to measure program and response readiness, and lead the development, implementation, and continuous improvement of incident response strategies, policies, and procedures to advance and sustain operational excellence.
• Identify skill requirements for SOC personnel based on evolving threat landscapes and organizational goals. Conduct regular skill gap assessments to evaluate current capabilities and future needs, design and implement targeted training and skill development programs to strengthen technical competencies, enhance incident response readiness, and support overall security objectives.
• Advise senior leadership on security initiatives, lead strategic projects, and serve as a key resource on emerging threats and cyber risk. Contribute to incident response readiness, enterprise risk mitigation, and cybersecurity awareness across the organization.
• Perform cyber defense and threat activity trend analysis and reporting to inform IT operations and senior management; prepare and deliver threat and target briefings; and maintain a continuously updated situational overview of incidents throughout their lifecycle to support timely, actionable risk-based decision-making.
• Plan and facilitate scenario-based tabletop exercises to evaluate the effectiveness of the Incident Response Plan and IR team performance. Coordinate cross-functional participation, assess response actions, identify gaps, and document lessons learned. Deliver post-exercise reports with actionable recommendations and present findings to leadership to drive continuous improvement.
• Drive the development of advanced threat detection capabilities using SIEM, UEBA, and related security tools to generate high-confidence, actionable alerts for potential malicious or non-compliant activity; develop and optimize detection logic, threat hunting queries, and compliance monitoring use cases to support continuous visibility and proactive risk identification across the environment.
• Lead the creation of actionable post-mortem reports following security incidents, detailing attacker tactics and techniques, root cause analysis, impact assessments, and other key findings, providing insights to support continuous improvement and reduce future risk.
• Design and implement enhancements to improve the identification of adversarial tactics, techniques, and procedures (TTPs) and techniques, integrate external and internal observations to develop actionable threat models, and identify potential exposures, and provide strategic remediation recommendations to leadership and collaborate with cross-functional teams to drive effective risk-based defense prioritization.
• Work outside of regular business hours when necessary.
• Other duties as assigned.