SOC Manager

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent practical experience
• 8+ years of experience in cybersecurity operations, incident response, or threat detection
• 3+ years of experience managing security teams or leading SOC operations
• Hands‑on experience with enterprise security tools (SIEM, EDR/XDR, and threat intelligence platforms)
• Strong understanding of attacker tactics, techniques, and procedures (TTPs)
• Proven ability to lead teams in high‑pressure, time‑sensitive environments
• Excellent communication skills with the ability to brief technical and non‑technical stakeholders

Nice To Haves

• Experience operating a SOC in a large, complex, or regulated enterprise environment
• Relevant certifications such as CISSP, CISM, GCED, GCIH, or equivalent
• Familiarity with cloud security operations (AWS, Azure, GCP)
• Experience managing globally distributed or follow‑the‑sun SOC models
• Prior experience supporting executive‑level incident communications

Responsibilities

• Lead, mentor, and develop a geographically distributed SOC team, including analysts across multiple shifts and regions
• Drive a culture of accountability, continuous improvement, and operational excellence
• Define roles, skill sets, training paths, and career development plans for SOC staff
• Manage staffing models to support 24x7 operations, including managing on‑call rotations
• Oversee daily SOC operations, including monitoring, triage, investigation, containment, and remediation of security incidents
• Ensure consistent execution of response playbooks and standard operating procedures
• Coordinate cross‑functional response efforts with DFIR, IT, legal, privacy, HR, and communications teams
• Ensure effective use and continuous improvement of security tooling such as SIEM, XDR, NDR, and threat intelligence platforms
• Drive enhancements to detection use cases, alert fidelity, and automation
• Evaluate emerging threats and attacker techniques and translate intelligence into actionable detection strategies
• Define and track SOC KPIs and metrics (e.g., MTTD, MTTR, alert quality, coverage)
• Provide clear, concise reporting to executive leadership on SOC performance, risk posture, and incident trends
• Ensure SOC operations align with internal policies, regulatory requirements, and industry frameworks (e.g., NIST)
• Develop and execute a multi‑year SOC maturity roadmap aligned to business and risk priorities
• Identify opportunities for process optimization, automation, and technology improvements
• Participate in vendor evaluation, tool selection, and budget planning related to SOC capabilities
• Support audits, tabletop exercises, and purple team activities