Security Operations Center (SOC) Lead

Peraton•Herndon, VA

About The Position

We are seeking a highly skilled and innovative Security Operations Center (SOC) Lead to join our team in the greater DMV area, supporting the Army National Guard. Key Responsibilities Manage day‑to‑day SOC operations: staffing, shift coverage, case handling, escalation, and incident lifecycle management. Oversee incident coordination with CIRT, NOSC, ARCYBER, USCYBERCOM, and engineering teams; implement playbooks and countermeasures during incidents. Ensure investigative quality: review cases, validate threat analysis, enforce documentation/runbook standards, and oversee evidence preservation. Lead detection engineering efforts: rule/signature/content development, tuning, enrichment, and mapping to MITRE ATT&CK. Maintain continuous monitoring aligned with STIG/IAVM/RMF requirements and ensure SOC support for defensive cyber operations. Develop and maintain SOC SOPs, playbooks, escalation matrices, COOP procedures, and communications plans. Coordinate SOC reporting and notifications to RCC‑NG, ARCYBER, USCYBERCOM, and other stakeholders; produce situational awareness products and executive briefings. Drive analyst training, exercises, purple teaming, and tool adoption; mentor Tier II/III analysts and refine workflows/automation. Support audits, inspections, accreditation activities, and evidence preparation for RMF/ATO and related reviews. Monitor SOC KPIs (MTTD, MTTR, case quality, false positive rates) and implement continuous improvement actions. #ENOCS

Requirements

Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
Clearance: TS/SCI (active)
Education/Training/Certification: Candidate must meet ONE: Master’s or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR Relevant DoD/Military training (e.g., 4C‑255N/4C‑255S/4C‑255A, Cyber Defense Analyst Advanced Playlist); OR Relevant certifications (see list below).
Experience: Progressive cybersecurity experience with3 years managing SOC operations or equivalent operational leadership in DoD/enterprise SOC environments.
Demonstrated skills: SOC toolsets (SIEM, SOAR, EDR/XDR), incident handling, threat analysis, detection engineering, COOP operations, RMF/RMF‑related reporting, and senior‑level briefings.
Acceptable Certifications (one or more preferred) CBROPS, CFR, CySA+, GCFA, GCIA, GICSP, or equivalent advanced SOC/forensics/cyber operations certifications

Nice To Haves

Prior DoD/Army/ARNG SOC or NOSC experience
Experience coordinating notifications to ARCYBER/USCYBERCOM and supporting classified enclave monitoring
Familiarity with automation, SOAR playbooks, threat hunting, and purple team exercises

Responsibilities

Manage day‑to‑day SOC operations: staffing, shift coverage, case handling, escalation, and incident lifecycle management.
Oversee incident coordination with CIRT, NOSC, ARCYBER, USCYBERCOM, and engineering teams; implement playbooks and countermeasures during incidents.
Ensure investigative quality: review cases, validate threat analysis, enforce documentation/runbook standards, and oversee evidence preservation.
Lead detection engineering efforts: rule/signature/content development, tuning, enrichment, and mapping to MITRE ATT&CK.
Maintain continuous monitoring aligned with STIG/IAVM/RMF requirements and ensure SOC support for defensive cyber operations.
Develop and maintain SOC SOPs, playbooks, escalation matrices, COOP procedures, and communications plans.
Coordinate SOC reporting and notifications to RCC‑NG, ARCYBER, USCYBERCOM, and other stakeholders; produce situational awareness products and executive briefings.
Drive analyst training, exercises, purple teaming, and tool adoption; mentor Tier II/III analysts and refine workflows/automation.
Support audits, inspections, accreditation activities, and evidence preparation for RMF/ATO and related reviews.
Monitor SOC KPIs (MTTD, MTTR, case quality, false positive rates) and implement continuous improvement actions.