About The Position

We are seeking a highly skilled and innovative Security Operations Center (SOC) Lead to join our team in the greater DMV area, supporting the Army National Guard.

Requirements

  • Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
  • Clearance: TS/SCI (active)
  • Education/Training/Certification: Candidate must meet ONE: Master’s or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR Relevant DoD/Military training (e.g., 4C‑255N/4C‑255S/4C‑255A, Cyber Defense Analyst Advanced Playlist); OR Relevant certifications (see list below).
  • Experience: Progressive cybersecurity experience with 3 years managing SOC operations or equivalent operational leadership in DoD/enterprise SOC environments.
  • Demonstrated skills: SOC toolsets (SIEM, SOAR, EDR/XDR), incident handling, threat analysis, detection engineering, COOP operations, RMF/RMF‑related reporting, and senior‑level briefings.
  • Acceptable Certifications (one or more preferred): CBROPS, CFR, CySA+, GCFA, GCIA, GICSP, or equivalent advanced SOC/forensics/cyber operations certifications.

Nice To Haves

  • Prior DoD/Army/ARNG SOC or NOSC experience
  • Experience coordinating notifications to ARCYBER/USCYBERCOM and supporting classified enclave monitoring
  • Familiarity with automation, SOAR playbooks, threat hunting, and purple team exercises

Responsibilities

  • Manage day‑to‑day SOC operations: staffing, shift coverage, case handling, escalation, and incident lifecycle management.
  • Oversee incident coordination with CIRT, NOSC, ARCYBER, USCYBERCOM, and engineering teams; implement playbooks and countermeasures during incidents.
  • Ensure investigative quality: review cases, validate threat analysis, enforce documentation/runbook standards, and oversee evidence preservation.
  • Lead detection engineering efforts: rule/signature/content development, tuning, enrichment, and mapping to MITRE ATT&CK.
  • Maintain continuous monitoring aligned with STIG/IAVM/RMF requirements and ensure SOC support for defensive cyber operations.
  • Develop and maintain SOC SOPs, playbooks, escalation matrices, COOP procedures, and communications plans.
  • Coordinate SOC reporting and notifications to RCC‑NG, ARCYBER, USCYBERCOM, and other stakeholders; produce situational awareness products and executive briefings.
  • Drive analyst training, exercises, purple teaming, and tool adoption; mentor Tier II/III analysts and refine workflows/automation.
  • Support audits, inspections, accreditation activities, and evidence preparation for RMF/ATO and related reviews.
  • Monitor SOC KPIs (MTTD, MTTR, case quality, false positive rates) and implement continuous improvement actions.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc