Security Operations Center (SOC) Manager

About The Position

Requirements

• Knowledge of incident response frameworks and best practices.
• Knowledge of security operations with an emphasis on patrol, inspection and response services.
• Knowledge of supervisory practices and procedures.
• Knowledge of a variety of security and safety devices and controls.
• Good organizational skills.
• Strong customer service and results orientation skills.
• Strong interpersonal skills, with the ability to interact effectively with clients, at various social levels and across diverse cultures.
• Exceptional time-management skills with the ability to prioritize and delegate tasks in a fast-paced environment.
• Excellent leadership, communication, and interpersonal skills.
• Demonstrated leadership abilities and adaptability when facing unique challenges, with experience working effectively with individuals in diverse cultures and business environments.
• Skilled in documenting O365/Azure platform technical issues, analysis, client communication, and resolution as part of cyber risk mitigation.
• Ability to provide positive direction and motivate performance.
• Ability to learn quickly and carry out instructions furnished in written, oral, or diagrammatic form.
• Ability to track and maintain schedule assignments.
• Ability to be an effective team member.
• Ability to maintain professional composure when dealing with unusual circumstances.
• Ability to adapt to various sites and changes in post procedures.
• Ability to write routine correspondence, including logs and reports
• Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions
• Must hold at least one or more of the following certifications: Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) GIAC Security Operations Manager (GSOM) Microsoft Cybersecurity Architect (SC-100) Certified SOC Analyst (CSA) AWS Certified Solutions Architect
• Bachelor’s degree in information security, Computer Science, a related field, or equivalent work experience on a year-for-year basis up to 4 years.
• A minimum of 8 years of experience within security operations, cyber threat intelligence, or incident response, with at least 5 years in a leadership role in a SOC (Security Operations Center) or IR team.

Responsibilities

• Provide direct leadership, oversight, and mentorship to SOC personnel, including SOC Analysts, Vulnerability Management staff, and SIEM Engineers.
• Manage a hybrid workforce consisting of onsite and remote staff, ensuring effective communication, collaboration, and accountability.
• Serve as the primary escalation point for Tier II and Tier III security incidents, providing direction and decision-making support during complex or high-risk events.
• Act as the incident commander for major cybersecurity incidents in accordance with HHSC policies and procedures.
• Foster a culture of continuous learning and professional development by coordinating and overseeing training programs for SOC personnel.
• Ensure adequate staffing levels to support 24/7/365 SOC operations, including after-hours, weekends, and holidays.
• Identify, track, maintain, and report key security operations metrics to leadership and stakeholders.
• Support internal and external audits, assessments, and compliance activities related to cybersecurity operations.
• Periodically review, validate, and update the Cybersecurity Incident Response Plan to ensure continued effectiveness and alignment with agency requirements.
• Oversee and continuously improve SOC incident response processes, including documentation, Standard Operating Procedures (SOPs), and incident response playbooks.
• Oversee security monitoring, alerting, and incident response activities across Microsoft security platforms, including Microsoft 365, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Cloud Apps (MDCA), and Data Loss Prevention (DLP) solutions.
• Oversee security monitoring, investigation, and incident response activities related to Zero Trust Network Access (ZTNA) technologies, ensuring secure remote and application access in alignment with HHSC security policies.
• Ensure Identity and Access Management (IAM) platforms, including Okta, SailPoint, and Login.gov, are effectively monitored and supported through defined investigation, escalation, and incident response procedures aligned with HHSC standards.
• Supervise proactive security activities, including vulnerability management, threat hunting, and security tool tuning.
• Ensure vulnerabilities are reviewed, prioritized, and communicated to system owners, with appropriate coordination for remediation and verification of corrective actions.
• Leverage low-traffic operational periods to conduct proactive threat hunting and optimize security technologies (e.g., SIEM, EDR, IPS, VPN) to improve detection accuracy and reduce false positives.
• Oversee the development and maintenance of automation scripts and response playbooks to streamline routine SOC activities.
• Ensure the creation and maintenance of dashboards and reports within the SIEM to provide visibility into security posture, trends, and incident activity.
• Ensure all security event investigations and incident response activities are thoroughly documented in accordance with HHSC standards.
• Provide subject matter expertise and recommendations related to security tool renewals, enhancements, and procurement.
• Assist in the development, maintenance, and testing of SOC-related disaster recovery and business continuity plans.
• Participate in and coordinate tabletop exercises, drills, and operational tests related to cybersecurity incident response and continuity planning.
• Provide strategic recommendations to improve HHSC’s security monitoring and response capabilities, including identification of new tools, log sources, and architectural improvements.
• Recommend updates to SOC roles, responsibilities, and workflows to address evolving cybersecurity threats and emerging technologies.
• Identify and recommend professional development, certifications, and training opportunities to enhance the technical and leadership skills of SOC personnel.

Benefits

• Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more.