SOC Manager

RADICL
Hybrid

About The Position

The SOC Manager is responsible for leading the day-to-day operations of the RADICL vSOC. This role directly manages a team of security analysts across all tiers, ensuring 24×7 coverage through disciplined shift scheduling, rigorous escalation management, and continuous process improvement. The SOC Manager serves as the critical bridge between front-line analyst operations and the broader security programs, including incident response, threat intelligence, threat hunting, and detection engineering, ensuring that analyst triage and investigation workflows are integrated into each discipline.

If the above excites you, RADICL Defense is seeking high-performing, motivated individuals to join our mission. As an early member, you will work closely alongside an experienced founding team and experience building a company from the ground up. You will work with the latest technologies in software, cybersecurity, and cloud, and will have a significant impact on the formation of our platform and offering.

Requirements

  • 5+ years of experience in security operations, MDR, or a managed security services environment, with at least 2 years in a team lead or management role.
  • Demonstrated experience managing a 24×7 SOC or security analyst team, including shift scheduling and on-call management.
  • Deep understanding of the SOC analyst workflow — from alert triage and investigation through escalation and incident response handoff.
  • Working knowledge of threat intelligence frameworks (e.g., MITRE ATT&CK, Diamond Model, Kill Chain) and how TI is operationalized in a SOC.
  • Familiarity with threat hunting methodologies and detection engineering practices (e.g., Sigma rules, SIEM query development).
  • Strong incident response background, including experience executing or overseeing IR playbooks and post-incident reviews.
  • Experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Chronicle, Elastic), EDR tools, and SOAR platforms.
  • Proven ability to manage escalations under pressure, with clear, professional communication to technical and executive stakeholders.
  • Strong people management and coaching skills with a track record of developing analyst talent.
  • Excellent written and verbal communication skills.

Nice To Haves

  • Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
  • Industry certifications such as CISSP, CISM, GSOM, GCIA, GCIH, or equivalent.
  • Experience in a commercial MDR or MSSP environment with multi-tenant client responsibilities.
  • Experience implementing or improving SOC automation and AI or SOAR-driven playbooks.
  • Familiarity with frameworks such as CMMC, NIST CSF, SOC 2, or ISO 27001 in the context of managed security service delivery.

Responsibilities

  • Directly manage a team of Tier 1, Tier 2, and Tier 3 security analysts, providing day-to-day leadership, coaching, mentorship, and performance management.
  • Conduct regular 1:1s, team meetings, and performance reviews; set clear goals and development plans aligned with individual and organizational objectives.
  • Foster a high-performance, collaborative SOC culture with a focus on analyst growth, retention, and well-being across a 24×7 operational environment.
  • Manage shift handoffs, holiday coverage, and surge staffing plans to address operational gaps without analyst burnout.
  • Participate in hiring, onboarding, and skills development initiatives for the analyst team.
  • Own and continuously refine the SOC escalation framework, ensuring clearly defined escalation paths, SLAs, and communication protocols.
  • Serve as an escalation point for complex, high-severity, or ambiguous security events, providing real-time guidance and decision-making support to analysts.
  • Coordinate escalations to client security teams, executive stakeholders, and third-party responders as required, maintaining clear and timely communication throughout.
  • Conduct post-escalation reviews to identify process gaps and drive continuous improvement.
  • Ensure analyst triage and investigation workflows are tightly integrated with the MDR incident response lifecycle, from initial detection through containment, eradication, and recovery.
  • Collaborate with the Incident Response team to define and document IR playbooks, ensuring analysts are trained and prepared to execute them effectively.
  • Oversee analyst participation in incident response activities, coordinating handoffs and maintaining situational awareness during active incidents.
  • Conduct or facilitate post-incident reviews (PIRs) with the analyst team to extract lessons learned and drive process improvements.
  • Partner with the RAID team to operationalize intelligence within the SOC, ensuring analysts are consuming and applying relevant TI in their daily triage and investigation activities.
  • Facilitate regular TI briefings and knowledge-sharing sessions to keep the analyst team current on adversary TTPs, active threat campaigns, and client-relevant intelligence.
  • Provide operational feedback to the RAID team on intelligence relevance, gaps, and analyst consumption patterns to continuously refine RAID outputs.
  • Coordinate analyst involvement in threat hunting initiatives, including providing operational context and making analyst expertise available for collaborative hunts.
  • Ensure hunt outcomes are fed back into SOC runbooks, detection content, and analyst training.
  • Serve as the primary operational voice into the Detection Engineering program, surfacing analyst feedback on alert fidelity, false positive rates, detection coverage gaps, and tuning opportunities.
  • Coordinate structured feedback loops between analysts and detection engineers to drive continuous improvement in detection rule quality and alert triage efficiency.
  • Participate in detection review processes, contributing operational context to prioritization decisions for new detections and tuning initiatives.
  • Define, track, and report on key SOC operational metrics (for example, alert volume, time to triage, time to escalate, and false positive rates).
  • Deliver regular operational reports and briefings to leadership, highlighting trends, risks, and opportunities.
  • Identify and drive continuous improvement initiatives across SOC processes, tooling, automation, and analyst workflows.
  • Maintain and continuously improve SOC runbooks, playbooks, and standard operating procedures (SOPs).

Benefits

  • Health, dental, and vision insurance
  • 401(k)
  • Responsible PTO plan
  • Employee parking

What This Job Offers

Job Type

Full-time

Career Level

Manager

Education Level

Associate degree

Number of Employees

1-10 employees

© 2026 Teal Labs, Inc