About The Position

This role will support one or more direct or indirect contracts with the U.S. Federal Government which, due to federal government security requirements, mandate that all Workday personnel working on the contracts be United States citizens (naturalized or native). The SOC Lead will provide technical and operational leadership for the Cyber Defense Security Operations Center supporting U.S. Government SaaS deployments, including air-gapped environments. This role is responsible for overseeing 24x7 monitoring operations, incident response coordination, escalation management, and continuous improvement of SOC processes and capabilities. You will lead a team of SOC Analysts, ensure high-quality investigations, oversee detection engineering collaboration, and drive automation initiatives leveraging platforms such as Splunk and SOAR technologies (e.g., Tines). You will also interface with the Red, Blue, and Purple Teams and with Threat Intelligence to maintain an integrated cyber defense posture. This position requires a balance of operational leadership, deep technical expertise, and the ability to communicate risk effectively to leadership.

Requirements

  • 10+ years of experience in cybersecurity operations, incident response, or threat detection
  • 5+ years of experience leading or mentoring security operations personnel
  • Deep experience operating and tuning SIEM platforms such as Splunk
  • Experience managing incident response lifecycle activities aligned to NIST SP 800-61r3
  • Experience supporting secure cloud environments and/or air-gapped networks
  • Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or equivalent experience
  • Applicants must have the ability to obtain and maintain a U.S. government issued security clearance

Nice To Haves

  • Strong understanding of adversary TTPs and MITRE ATT&CK framework
  • Experience with SOAR platforms (e.g., Tines) and security automation
  • Proven ability to manage escalations and high-severity incidents
  • Experience developing KPIs, SLAs, and operational metrics
  • Strong critical thinking and decision-making skills under pressure
  • Ability to coordinate cross-functional teams (Red, Blue, Engineering, Compliance)
  • Excellent written and verbal communication skills
  • Experience building and improving SOC playbooks and runbooks
  • Certifications meeting DoD 8570 requirements

Responsibilities

  • Oversee 24x7 monitoring operations
  • Coordinate incident response
  • Manage escalations
  • Continuously improve SOC processes and capabilities
  • Lead a team of SOC Analysts
  • Ensure high-quality investigations
  • Oversee detection engineering collaboration
  • Drive automation initiatives leveraging platforms such as Splunk and SOAR technologies (e.g., Tines)
  • Interface with the Red, Blue, and Purple Teams and with Threat Intelligence to maintain an integrated cyber defense posture
© 2024 Teal Labs, Inc