Manager, SOC

About The Position

Requirements

• 5+ years in security operations, with 3+ years in a SOC leadership or senior SOC engineer role that included hands-on technical output alongside people management.
• Proven, personal detection authorship at field-logic level in a SIEM (Splunk, Microsoft Sentinel, Elastic, QRadar, or equivalent). Tuning pre-built content or managing a team that writes detections does not qualify.
• Hands-on SOAR build experience — you have configured playbooks and automated workflows yourself (Splunk SOAR, Palo Alto XSOAR, Swimlane, or equivalent). Overseeing an implementation does not qualify.
• Demonstrated ability to build SOC processes, workflows, and playbooks in early-stage or greenfield environments.
• Strong log source fluency: given available data sources, you can independently identify detection opportunities without being prompted.
• Working knowledge of cloud security in at least one major provider (AWS, Azure, or GCP), including cloud-native log sources and common attack techniques.

Nice To Haves

• Experience with AI-native or agentic SOC platforms and genuine enthusiasm for building on emerging security automation technologies.
• Hands-on incident response experience in cloud-native environments.
• Experience with vulnerability management tools (Tenable, Qualys, Rapid7) integrated into detection or ticketing workflows.
• MSSP or MDR background with demonstrated transition to single-enterprise ownership.
• Relevant certifications: CISSP, GCIA, GCIH, GDAT, or CySA+.

Responsibilities

• Build out Forcepoint’s internal SOC — processes, tooling, detection coverage, and analyst workflows.
• Hire, onboard, and develop a small, growing team of SOC analysts.
• Define and own SOC operating procedures, escalation paths, and performance metrics (MTTD, MTTR, false positive rates), and report to senior leadership.
• Personally author detection rules at field-logic level; set thresholds, tune for false positives, and iterate — not review or approve what others write.
• Survey available log sources across SIEM, EDR, cloud, identity, and network, and independently identify detection opportunities.
• Maintain a detection library mapped to MITRE ATT&CK with clear coverage tracking and gap remediation plans.
• Own SOAR implementation and playbook development hands-on — you build the workflows, not an engineer you assign the work to.
• Operate and extend our agentic AI SOC platform: configure use cases, author AI-assisted detection and response logic, and drive adoption across the team.
• Continuously identify opportunities to reduce analyst toil and improve the ratio of automated to manual response actions.
• Lead incident response as a process owner — containment, investigation, remediation, recovery, and post-incident review.
• Partner with the CISO, Security Architecture, and internal teams to align SOC priorities and improve security posture.

Benefits

• Equal employment opportunities to all applicants and employees without regard to race, color, creed, religion, sex, sexual orientation, gender identity, marital status, citizenship status, age, national origin, ancestry, disability, veteran status, or any other legally protected status and to affirmatively seek to advance the principles of equal employment opportunity.
• Opportunities to all job seekers, including job seekers with disabilities.
• Reasonable accommodation if you are unable or limited in your ability to use or access the Company’s career webpage as a result of your disability.