Security Operations Center (SOC) Team Lead

About The Position

Requirements

• Knowledge of incident response frameworks and best practices.
• Knowledge of security operations with an emphasis on patrol, inspection and response services.
• Knowledge of supervisory practices and procedures.
• Knowledge of a variety of security and safety devices and controls.
• Good organizational skills.
• Strong customer service and results orientation skills.
• Strong interpersonal skills, with the ability to interact effectively with clients, at various social levels and across diverse cultures.
• Exceptional time-management skills with the ability to prioritize and delegate tasks in a fast-paced environment.
• Excellent leadership, communication, and interpersonal skills.
• Skilled in documenting O365/Azure platform technical issues, analysis, client communication, and resolution as part of cyber risk mitigation.
• Demonstrated leadership abilities and adaptability when facing unique challenges, with experience working effectively with individuals in diverse cultures and business environments.
• Ability to provide positive direction and motivate performance.
• Ability to learn quickly and carry out instructions furnished in written, oral, or diagrammatic form.
• Ability to track and maintain schedule assignments.
• Ability to be an effective team member.
• Ability to maintain professional composure when dealing with unusual circumstances.
• Ability to adapt to various sites and changes in post procedures.
• Ability to write routine correspondence, including logs and reports
• Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions
• Must hold at least one or more of the following certifications: Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) GIAC Security Operations Manager (GSOM) Microsoft Cybersecurity Architect (SC-100) Certified SOC Analyst (CSA) AWS Certified Solutions Architect
• Bachelor’s degree in information security, Computer Science, a related field, or equivalent work experience on a year-for-year basis up to 4 years.
• A minimum of 8 years of experience within security operations, cyber threat intelligence, or incident response, with at least 5 years in a leadership role in a SOC (Security Operations Center) or IR team.

Responsibilities

• Provide daily leadership, technical guidance, and mentorship to SOC personnel, including Analysts, Vulnerability Management staff, and SIEM Engineers.
• Coordinate a hybrid workforce of onsite and remote staff, ensuring seamless communication, effective handoffs between shifts, and team accountability.
• Serve as the primary technical escalation point for Tier II and Tier III security incidents, providing hands-on direction during complex or high-risk events.
• Act as the lead incident responder or incident commander for major cybersecurity incidents in accordance with HHSC policies.
• Promote a culture of continuous learning by identifying skill gaps and overseeing technical training programs for SOC personnel.
• Manage scheduling and shift rotations to ensure 24/7/365 coverage, including after-hours, weekends, and holidays.
• Maintain and report key operational metrics (KPIs) to leadership to demonstrate SOC health and effectiveness.
• Support audit and compliance activities by providing necessary documentation and evidence of security operations.
• Collaborate on the review and validation of the Cybersecurity Incident Response Plan to ensure it remains actionable for the team.
• Drive the continuous improvement of incident response processes, Standard Operating Procedures (SOPs), and automated playbooks.
• Monitor and optimize security alerting across the Microsoft security stack, including M365, Microsoft Defender for Endpoint (MDE), Defender for Cloud Apps (MDCA), and DLP solutions.
• Guide investigations related to Zero Trust Network Access (ZTNA) technologies to ensure secure remote access aligns with agency policy.
• Ensure Identity and Access Management (IAM) platforms (Okta, SailPoint, Login.gov) are monitored effectively with clear escalation paths for anomalies.
• Supervise proactive security functions, including vulnerability management, threat hunting, and the fine-tuning of security tools.
• Coordinate with system owners to ensure vulnerabilities are prioritized, remediated, and verified in a timely manner.
• Lead proactive threat hunting initiatives during low-traffic periods to optimize detection logic within the SIEM, EDR, and IPS.
• Manage the development of automation scripts (SOAR) to reduce manual tasks and improve response times.
• Oversee the creation of SIEM dashboards and reports to provide real-time visibility into the HHSC threat landscape.
• Ensure all investigations and incident documentation meet HHSC forensic and administrative standards.
• Provide technical subject matter expertise to assist leadership in evaluating security tool renewals and new procurements.
• Assist in the development and testing of SOC-specific disaster recovery and business continuity plans.
• Facilitate and participate in tabletop exercises and red/blue team drills to test the agency’s incident response readiness.
• Provide technical recommendations to enhance security monitoring, such as identifying new log sources or architectural gaps.
• Evaluate and recommend updates to SOC workflows to adapt to emerging threats and new technologies.
• Identify specific certifications and professional development paths to keep the team at the forefront of the cybersecurity field.

Benefits

• Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more.