Manager, Global Security Operations Center

Dentsply Sirona, Inc
Charlotte, NC

About The Position

The Senior Manager of the Global Security Operations Center (SOC) provides strategic and operational leadership for Dentsply Sirona’s global cyber-defense function. This role oversees a hybrid operational model integrating:

  • Third Party or Internal 24×7 Tier 1–2 monitoring
  • Internal Tier 3 analysts across the Americas, EMEA, and APAC
  • Security Architecture and Engineering teams for tooling, telemetry, and detection development

This leader ensures consistent detection, investigation, and response across cloud, enterprise, and manufacturing environments while driving automation, improving signal quality, reducing response time, and maturing operational processes in alignment with ISO 27001, IEC 81001-5-1, SOX, and NIST frameworks. The role aligns with internationally recognized cybersecurity standards and frameworks, including ISO/IEC 27001, ISO/IEC 27032, ENISA guidelines, and NIST NICE, ensuring global applicability and compliance.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • 8+ years in security operations, cyber defense, incident response, or threat management.
  • 3–5 years in a leadership role managing SOC or IR teams within a global enterprise or MSSP/SOC-as-a-Service environment.
  • Hands-on experience with SIEM/SOAR administration and tuning—ideally Google SecOps, Splunk, or other industry-leading SIEM tools.
  • Proven experience managing Global SOC Operations, external MSSP relationships, and internal response teams.
  • Background with cloud security (Azure / GCP preferred; AWS/Alibaba a plus) and, ideally, exposure to OT/Manufacturing environments.
  • Expert understanding of SOC operations, MITRE ATT&CK, detection engineering, and incident response methodologies.
  • Strong analytical and problem-solving capabilities; ability to interpret large datasets and signals.
  • Proficiency with security automation, REST APIs, and playbook engineering.
  • Real-world experience with threat intel application and proactive threat hunting.
  • Exceptional communication and documentation skills — clear, concise, and executive-ready.

Nice To Haves

  • Master’s degree preferred (or equivalent practical experience).
  • Preferred certifications: CISSP, CISM, GCIA, GCIH, GSOC, GMON, Microsoft SC-series certifications, CompTIA Security+, EC-Council CSA, GIAC GSOC, GIAC GCIH, Offensive Security OSCP, ISO/IEC 27001 Lead Implementer, and other globally recognized cybersecurity certifications.

Responsibilities

  • Leadership of global SOC operations, personnel, and vendor partnerships
  • Governance of SIEM, SOAR, and XDR platforms and other GSOC-relevant tooling
  • Ownership of incident response workflows and SOC process maturity
  • Reporting and operational metrics (MTTD, MTTR, automation ROI, false positive rate)
  • Cross-functional coordination with IT, OT, Cloud, Compliance, and Architecture teams
  • Lead, mentor, and develop a distributed team of senior SOC analysts across multiple regions.
  • Govern third-party tooling and personnel performance, SLAs, escalations, and service quality.
  • Define, maintain, and enforce SOC standard operating procedures, playbooks, and escalation paths.
  • Oversee end-to-end incident lifecycle: detection → triage → containment → remediation → lessons learned.
  • Ensure high-quality triage and reduced false positives through tuning and signal optimization.
  • Coordinate closely with Security Architecture to onboard new log sources and build detection-as-code pipelines.
  • Own SIEM/SOAR operations, including SIEM, SOAR, CASB, and XDR, with others as required and defined.
  • Lead log onboarding, rule tuning, alert correlation, automation playbook development, and health monitoring.
  • Evaluate and implement new telemetry sources, threat intelligence integrations, and detection models.
  • Develop and operationalize a threat intelligence capability drawing from MSTIC, Mandiant, ISACs, etc.
  • Lead or coordinate threat hunting, adversary emulation, and advanced TTP analysis initiatives.
  • Establish and maintain operational dashboards and KPIs (MTTD, MTTR, coverage, automation usage, FP rate).
  • Deliver weekly operational updates, monthly reports, and quarterly executive briefings to leadership.
  • Conduct post-incident reviews, trend analysis, and maturity assessments to drive measurable improvement.
  • Support internal and external audits for SOX, ISO 27001, and IEC 81001-5-1, along with others as required and defined.
  • Maintain evidence documentation and ensure SOC controls remain effective and test-ready.
  • Plan and execute quarterly DR exercises and annual table-top scenarios.