SOC Incident Response Lead

About The Position

Requirements

• Bachelor's degree in IT, Computer Science, Business Administration, or related field (or equivalent work experience)
• Minimum 8 years of experience in incident management, incident response, or related IT role
• Strong understanding of ITIL principles and incident management best practices
• Proficiency with incident management tools and ITSM platforms
• Excellent problem-solving, analytical, communication, and interpersonal skills
• Demonstrated ability to manage multiple incidents effectively and make sound technical decisions
• Experience with change management and process improvement initiatives
• Incident Management & Response Coordination
• ITIL Framework & Best Practices
• Problem-Solving & Root Cause Analysis
• Stakeholder Communication & Management
• Incident Tracking & SLA Monitoring

Nice To Haves

• ITIL Foundation or ITIL Practitioner certification
• ITIL Specialist: Create, Deliver and Support or equivalent advanced ITIL certification
• Familiarity with CASTLE-NET IT environment and federal IT operations
• Experience with Security Operations Center (SOC) operations and incident response coordination
• Knowledge of cyber security incident response procedures and threat intelligence
• Background in federal IT contracting and compliance requirements
• Experience with ServiceNow or similar incident management platforms
• Cybersecurity Incident Response
• Service Desk Management
• Process Improvement & Optimization
• Team Leadership & Mentoring
• Change Management & CMDB

Responsibilities

• Manage and coordinate the resolution of IT incidents and service requests from initial detection through closure
• Oversee incident escalation process ensuring alignment with SLAs and organizational priorities
• Coordinate incident response activities across IT teams, security teams, and external vendors
• Communicate incident status, impact assessments, and resolution timelines to stakeholders and leadership
• Lead root cause analysis activities to identify underlying causes of incidents
• Document all incidents in the incident management system with detailed information and resolution details
• Monitor incident response metrics including MTTR (Mean Time To Resolution) and SLA compliance
• Coordinate with cybersecurity team on security-related incidents and threat investigation
• Implement corrective actions to prevent incident recurrence
• Conduct post-incident reviews and develop lessons learned documentation
• Provide recommendations for ITSM system and process enhancements
• Mentor incident response team members and develop incident response procedures