SOC Manager - Senior

About The Position

Requirements

• U.S. Citizenship is required
• Security Clearance: Secret Eligible
• Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Advance proficiency; must hold ONE OR MORE of the following: CBROPS,CFR,CySA+,GCFA,GCIA,GICSP
• 7+ years of experience in cybersecurity
• Masters degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
• Experience directing SOC functions related to continuous monitoring, threat detection, incident escalation, and operational readiness.
• Experience establishing and enforcing triage standards, escalation procedures, and case management controls in a cyber operations environment.
• Experience coordinating across incident response, vulnerability management, defensive cyber, and engineering teams to drive timely containment and remediation.
• Experience reviewing operational metrics and producing leadership reporting for Government stakeholders in support of continuous monitoring objectives.
• Knowledge of cybersecurity operations supporting both classified and unclassified network environments.
• Experience working within enterprise cyber environments that use SIEM analytics, endpoint detection and response, and network security monitoring capabilities.
• Ability to support mission operations across large, geographically dispersed enterprise environments with high endpoint volume and continuous operational demands.

Responsibilities

• Direct Security Operations Center activities to ensure continuous monitoring, threat detection, incident triage, escalation, and operational readiness across supported ARNG environments.
• Establish and enforce shift coverage standards, triage quality controls, and case management procedures to support timely incident handling and risk reduction.
• Oversee incident escalation workflows into Tier 2 incident, problem, and change processes, ensuring effective coordination with CIRT, incident management, and problem management functions.
• Integrate SOC operations with CTIC, vulnerability management, defensive cyber, and engineering teams to improve containment actions, remediation execution, and continuous monitoring outcomes.
• Leverage USIEM, EDR, IDS/IPS, DLP, and related analytics to support centralized visibility, improved detection quality, and machine-speed response across ARNG cyber operations.
• Coordinate with NETCOM Global Cyber Center, DISA DCDC, and other designated stakeholders to align SOC operations with broader DoDIN-Army-NG cybersecurity requirements and reporting expectations.
• Review operational metrics, SOC communications, and evaluation artifacts to identify trends, improve analyst performance, and strengthen mission assurance objectives.
• Support cybersecurity operations across classified and unclassified enclaves, including environments tied to ARNG Title 10 and Title 32 missions, mobilization readiness, and domestic emergency response.
• Contribute to COOP site validation, testing, and operational readiness activities to help sustain continuity of cybersecurity monitoring and response services.