Security Operations Center (SOC) Manager

Armor Defense Inc, Plano, TX
4d · Hybrid

About The Position

Armor is seeking a Security Operations and Incident Response Leader to serve as a hands-on leader and transformation agent for our Managed Services security operations function. This hybrid position is based in Plano, TX. Reporting to the Head of Professional Services, SecOps, and Customer Success, this role leads a team of security professionals located across the globe in delivering security operations, incident response consultation, and security tooling management to our managed security customers. This leader will drive the transformation of our SOC into a modern, agentic security operations center while maintaining operational excellence in triage, incident response, and security policy management. The role combines people leadership with strategic vision to deliver customer outcomes focused on security improvement, risk reduction, security resilience, and compliance. This role follows a hybrid schedule with in-office presence required three days per week (Tuesday–Thursday).

Requirements

  • Strong proficiency with security tools: EDR/XDR, SIEM, SOAR, and threat intelligence platforms.
  • Deep understanding of cloud security across Azure, AWS, and GCP including identity, networking, and workload protection.
  • Advanced forensic analysis and threat hunting skills sufficient to lead complex investigations and guide team members.
  • Proficient in scripting (Python, PowerShell, KQL) for analysis, detection development, and response automation.
  • Proficiency with git version control including branching, commits, and collaborative development workflows.
  • Proficiency with AI-assisted tools (Claude Code, GitHub Copilot, or equivalent) for accelerating detection development, security analysis, and team productivity.
  • Experience driving AI tool adoption within a team while maintaining security standards and quality assurance.
  • Understanding of AI/LLM security risks including prompt injection, data leakage, and model limitations.
  • Ability to critically evaluate AI-generated outputs for accuracy and security implications.
  • Demonstrated people management skills including performance coaching, conflict resolution, and team development.
  • Strong organizational skills with ability to balance transformation initiatives, operational demands, and team development.
  • Excellent communication skills with ability to engage customers, report to leadership, and coach team members effectively.
  • Experience developing detection content (Sigma, YARA, KQL) and response playbooks.
  • 5-8 years of experience in security operations, incident response, security consulting, or related fields, with demonstrated leadership or supervisory experience.
  • Required certifications within 12 months: Microsoft Azure Security Technologies (AZ-500), Microsoft Security Operations Analyst (SC-200), Microsoft Identity and Access Administrator (SC-300).
  • Certifications required: GCIH, GCFA, or equivalent.
  • Bachelor's Degree in Information Technology, Cybersecurity, or related field preferred; equivalent experience accepted.

Nice To Haves

  • Experience leading or coordinating across international teams preferred.
  • Additional certifications preferred: CISSP, GREM, CySA+.

Responsibilities

  • Directly manage a team of Incident Response Consultants and Security Operations professionals, including performance management, career development, regular 1:1s, and goal-setting.
  • Lead the upskilling and rapid professional development of team members, ensuring readiness for evolving security challenges and agentic workflows.
  • Participate in recruiting new team members through a collaborative hiring process, including interviewing, evaluating candidates, and onboarding.
  • Coach and mentor team members on technical skills, customer consultation techniques, and professional growth.
  • Build and maintain a high-performance culture focused on customer outcomes, continuous improvement, and operational excellence.
  • Lead the transformation of the SOC into a modern agentic security operations center, leveraging AI-augmented workflows and automation to enhance detection, response, and operational efficiency.
  • Drive modernization initiatives across the security operations function, including process optimization, tooling enhancements, and capability development.
  • Work cross-functionally to rapidly operationalize new security capabilities and integrate them into SOC responsibilities (e.g., CSPM, Defender for OT, Purview, and emerging platforms).
  • Collaborate with Armor’s engineering team to evaluate, build, and implement emerging technologies including AI/ML-assisted detection, automated response, and cloud-native security tools.
  • Work with engineering to design and optimize agentic AI processes that maintain human oversight, accountability, and security standards.
  • Oversee SOC triage operations, ensuring adequate coverage, quality, and consistent delivery of security monitoring and alerting services.
  • Serve as senior escalation point for high-severity incidents, providing hands-on technical leadership through complex investigations and customer engagements.
  • Manage security policy creation and maintenance across multiple platforms (AV, FIM, IDS, NGFW, EDR, WAF, etc.).
  • Oversee security tooling management, ensuring proper configuration, optimization, and operational readiness.
  • Conduct quality reviews of team deliverables including incident reports, customer recommendations, and detection content.
  • Contribute to incident response playbook development, detection use-case creation, and consultation framework improvements.
  • Evolve SOC operations to prioritize customer outcomes including security improvement, risk reduction, security resilience, and compliance achievement.
  • Collaborate with the broader organization to ensure security operations capabilities align with customer needs and business objectives.
  • Partner with Engineering, Product, and Customer Success teams on service improvements and capability development.
  • Monitor and report on team performance, balancing customer outcome metrics with operational efficiency and SLA adherence.
  • Coordinate with international teams to ensure consistency in procedures, escalation handling, and customer experience.