HHS - SOC Lead/Incident Response Manager

cFocus Software Incorporated, Rockville, MD
Remote

About The Position

cFocus Software seeks a SOC Lead/Incident Response Manager to join our program supporting the Department of Health and Human Services (HHS). This position is remote. This position requires the ability to obtain a Public Trust clearance.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
  • Minimum 8 years of cybersecurity experience with at least 3 years in SOC or Incident Response leadership.
  • Demonstrated experience managing enterprise SOC operations and incident response programs.
  • Strong knowledge of NIST SP 800-61, NIST SP 800-53, NIST SP 800-37, FISMA, and federal cybersecurity policies.
  • Hands-on experience with SIEM, EDR, SOAR, threat intelligence platforms, and forensic tools.
  • Experience managing incidents involving PII/PHI and regulatory reporting requirements.
  • Ability to communicate complex technical issues to executive and non-technical audiences.
  • Experience operating in a federal or highly regulated environment.
  • Active CISSP, GCIA, GCIH, GCED, CISM, or CEH certification.

Responsibilities

  • Lead and manage SOC and Incident Response operations in alignment with HRSA Incident Response Plans, SOC SOPs, playbooks, and workflows.
  • Ensure compliance with NIST SP 800-61, FISMA, OMB, DHS CISA, HHS, and HRSA incident response requirements.
  • Oversee incident triage, investigation, containment, remediation, and recovery activities within defined SLAs.
  • Serve as primary escalation point for Critical and High severity incidents, including ransomware and PII/PHI breaches.
  • Coordinate incident response activities with HRSA SOC, CSIRC, system owners, ISSOs, legal counsel, privacy officials, and leadership.
  • Develop, maintain, and continuously improve SOC SOPs, incident response playbooks, workflows, and response guidelines.
  • Manage incident communications, stakeholder notifications, and executive briefings during active incidents.
  • Ensure timely incident reporting, forensic documentation, and post-incident reports.
  • Lead threat hunting, IOC management, detection rule tuning, and SIEM correlation improvement activities.
  • Oversee digital forensic investigations and ensure proper chain-of-custody handling.
  • Monitor SOC tools and infrastructure health; coordinate upgrades, patches, and integrations.
  • Support federal cyber exercises, tabletop exercises, and incident response drills.
  • Ensure 24x7 on-call support coverage and adherence to response SLAs.
  • Provide metrics, dashboards, and reports on SOC performance, incident trends, and threat intelligence.
  • Identify opportunities for automation and efficiency improvements across SOC operations.