SOC Manager

About The Position

Requirements

• 8+ years of Information Technology experience, with at least four years dedicated to incident response.
• At least one of the following certifications: GCIH, GCFA, or GREM. Equivalent industry incident response certifications, such as CISSP, CISM, or CySA+, MAY be considered.
• Experience with SIEM, SOAR, EDR, CDM, and malware analysis.
• Demonstrated experience managing a Security Operations Center, including overseeing complex systems, multi-tier analyst teams, and 24x7x365 coverage models.
• Hands-on experience with SIEM, SOAR, and EDR platforms, including building and tuning notable event dashboards, correlation content, and automated response playbooks.
• Experience with Continuous Diagnostics and Mitigation (CDM) data feeds and the integration of CDM telemetry into SIEM for centralized visibility.
• Working knowledge of malware analysis workflows, including triage, sandbox detonation, and coordination with Tier 3 reverse engineering resources.
• Strong working knowledge of enterprise operating systems (Windows, Linux) and networking concepts, including TCP/IP, DNS, routing, firewalls, and proxy architectures.
• Hands-on experience with AWS native services and tools, including CloudTrail, GuardDuty, Security Hub, VPC Flow Logs, and IAM, in support of cloud incident detection and response.
• Working knowledge of NIST SP 800-61 (Computer Security Incident Handling Guide) and the ability to align SOC operations and reporting to its four-phase model.
• Familiarity with the MITRE ATT&CK framework and experience applying it to detection coverage assessments and post-incident reviews.
• Experience building and maintaining shift schedules, call trees, and stakeholder notification procedures that meet contractual notification timelines.
• Experience leading post-incident reviews, root cause analysis, and lessons-learned sessions, and translating findings into updated SOPs and playbooks.
• Strong written and verbal communication skills, including the ability to brief incident
• Required to obtain and maintain a Non-Sensitive / High Risk (Public Trust) security clearance at the Tier 4/6c level.
• Must be available to support 24x7x365 SOC coverage, including on-call response and on-site presence at client Headquarters in Washington, DC as needed.
• U.S. Citizenship is required due to federal contract obligations, along with the ability to successfully pass a federal background investigation.

Responsibilities

• Manage daily SOC activities, including building and maintaining shift schedules that sustain 24x7x365 coverage and ensure adequate staffing across Tier 1, Tier 2, and Tier 3 functions.
• Maintain all SOC documentation, including Standard Operating Procedures, Playbooks, and the SOC Concept of Operations, reviewing and updating them on the cadence required by the client SOC CONOPS.
• Manage Tier 1, Tier 2, and Tier 3 incident response operations, including alert triage, escalation, in-depth analysis, and advanced forensics.
• Coordinate containment, eradication, and recovery activities across SOC analysts, engineering teams, system owners, and partner SOCs.
• Lead post-incident reviews and root cause analysis sessions, document findings, and translate lessons learned into updates to playbooks, detection content, and SOPs.
• Ensure all incident response activities comply with NIST SP 800-61 and client incident response SOPs, and that reporting timelines are met.
• Manage the SIEM notable events dashboard, including reviewing detection coverage, false-positive rates, and analyst workload, and direct tuning activities to improve signal quality.
• Maintain the shift coverage schedule and ensure handoff procedures preserve situational awareness across rotations.
• Maintain the SOC call tree, including contact information for all partner organizations, Cloud Service Providers, and client stakeholders, and validate the call tree at least quarterly.
• Serve as the primary escalation point for high-severity incidents and lead cross-team coordination during active response.
• Track and report SOC performance metrics, including mean time to detect, mean time to respond, ticket volume by tier, and escalation rates, and present them to client SOC leadership.
• Coordinate with the Cyber Threat Intelligence and Cyber Hunt teams to incorporate new threat indicators and detection logic into SOC operations.
• Support inter-agency threat intelligence exchanges and partner SOC collaboration to align client response activities with national cybersecurity priorities.
• Develop and deliver training and knowledge transfer for SOC analysts on new SOPs, playbooks, tools, and detection content.
• Participate in the Engineering Review Board, Change Control Board, and other client governance reviews for SOC-related changes.
• Stay current on emerging adversary tactics, techniques, and procedures, and recommend improvements to the client's detection and response posture.

Benefits

• Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees
• Valiant contributes 25% towards Health Coverage for Family and Dependents
• 100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees
• 100% Paid Certifications
• 401K Matching up to 4%
• Paid Time Off
• Paid Federal Holidays
• Wellness & Fitness Program
• Valiant University – Online Education and Training Portal
• FSA programs for: Medical Costs, Dependent Care, Transit, and Parking
• Referral Bonuses