SOC Manager

General Dynamics Information Technology, Bossier City, LA
Onsite

About The Position

As the Cyber Security SOC Manager supporting the Virginia Information Technology Agency (VITA), this role leads the day-to-day operations of the Tier I, II, and III analyst team within the VITA SOC. The SOC Manager is responsible for team performance, shift coverage, analyst development, and ensuring SLA compliance across all security monitoring and incident response activities. A strong working knowledge of Splunk is required — including the ability to build, interpret, and maintain operational dashboards — to support data-driven SOC management and visibility into team and threat metrics. The SOC Manager serves as the senior escalation point for complex incidents, interfaces directly with the customer, and drives continuous improvement across people, process, and tooling.

Meaningful Work and Personal Impact

SOC Operations & Incident Response

  • Serve as senior escalation authority for complex and high-severity incidents; oversee containment and remediation activities and ensure proper documentation and customer communication throughout the incident lifecycle.
  • Provide expertise with Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), threat hunting, and threat intelligence; own customer-facing escalation and remediation activities.
  • Recognize successful and unsuccessful intrusion attempts; triage security events and accurately prioritize and escalate incidents per established runbooks.
  • Detect the full spectrum of known cyberattacks (DDoS, malware, phishing, ransomware, and others) and correlate events across capabilities to identify attacks and breaches.
  • Examine malware analysis reports to correlate similar events across incidents; document and report actions taken by malicious actors in customer networks.
  • Recommend appropriate methods of system remediation and threat mitigation; prepare incident reports detailing analysis methodology and results.

Splunk Operations & Automation

  • Build, maintain, and optimize Splunk dashboards and reports that provide operational visibility into threat activity, SOC performance metrics, and incident trends for analysts and leadership.
  • Develop and maintain automated detection workflows, correlation searches, and alert actions in Splunk to reduce analyst workload, minimize false positives, and accelerate response to high-priority threats.
  • Write and maintain SPL searches, scheduled reports, and lookup-driven workflows; leverage scripting (Python, PowerShell) to extend Splunk capabilities and support security automation where needed.
  • Conduct log and system analysis for network and security devices; create and update detection rules and signatures in security tools and applications.
  • Document emerging threat intelligence and reported IOCs for security tool integrations.

Detection Tuning & Compliance Alignment

  • Align detections and logging with frameworks and controls: NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX as applicable to the customer environment.
  • Develop and tune detection content — including use cases, correlation rules, and alert logic — to improve fidelity and reduce noise across the SOC environment.
  • Analyze and act on intelligence information to secure customer networks and devices.

Automation & Scripting

  • Working knowledge of scripting (Python, PowerShell, or Bash) for security automation, log parsing, and workflow integration; ability to read and modify scripts to support SOC operations.
  • Support automation efforts that reduce manual analyst burden, improve detection fidelity, and accelerate incident response timelines.

Team Leadership & SOC Management

  • Lead, supervise, and develop a team of Tier I, II, and III SOC analysts; manage shift scheduling, performance expectations, and analyst career development in alignment with program objectives.
  • Own SOC SLA compliance and performance reporting; deliver regular operational metrics, trend analysis, and executive-level briefings to program leadership and the customer.
  • Serve as the primary customer interface for SOC operations; manage expectations, communicate incident status, and build trusted working relationships with VITA stakeholders.
  • Drive continuous improvement across SOC processes, runbooks, and playbooks; conduct post-incident retrospectives and implement lessons learned to strengthen team posture and detection capability.

Requirements

  • 5 or more years of experience in cybersecurity operations, including demonstrated supervisory or team lead experience in a SOC environment.
  • Ability to obtain and maintain a public trust
  • Splunk experience — advanced SPL, dashboard development, automated alerting, and correlation search creation in an operational SOC environment.
  • CyberArk experience — privileged access management in a government or enterprise SOC environment.
  • Qualifying certification to meet DoW 8140/DCWF CSSP Analyst requirements within 6 months of start: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+
  • Louisiana residency; living within a reasonable commutable distance (approximately 60 miles or less) of the Bossier City facility

Benefits

  • Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
  • To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
  • To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.
  • We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc