We are seeking a highly skilled and mission-focused SOC Lead to oversee the daily operations of the Security Operations Center and guide a team of cybersecurity analysts in defending the organization against evolving threats. This role requires a blend of technical expertise, leadership presence, and the ability to translate complex cybersecurity issues into clear, actionable insights for stakeholders at all levels.
Leadership and Team Management:
- Lead, manage, and mentor the SOC team, ensuring day-to-day operations run smoothly and efficiently.
- Provide guidance, feedback, and training to SOC analysts to improve their performance and skillset.
- Ensure 24/7 operational readiness of the SOC, including shift coverage and resource management.
Incident Response and Management:
- Lead the SOC team in the identification, analysis, and response to cybersecurity incidents (attempted or successful intrusions, malware, data breaches, etc.).
- Reconstruct timelines of events based on network defense data to analyze network intrusions and attacks.
- Serve as the escalation point for complex or high-priority incidents, ensuring proper incident handling and resolution.
- Support enterprise-wide incident response, collaborating with IT and cybersecurity teams to manage and mitigate threats.
- Continuously strengthen incident response methodologies to improve response times and effectiveness.
Threat Detection and Mitigation:
- Develop and support threat detection capabilities to proactively identify emerging risks and vulnerabilities.
- Analyze large volumes of network traffic, system logs, and threat intelligence data to uncover potential threats.
- Use network operations expertise to predict potential attack vectors and devise proactive defense strategies.
- Provide recommendations on improving threat data collection and ensuring high-quality data is available for analysis.
Cybersecurity Risk Analysis:
- Analyze cybersecurity risks and communicate these risks to key decision-makers in a clear, concise manner to support informed decision-making.
- Translate complex technical risks into actionable insights for non-technical stakeholders, including management and senior leadership.
- Assist in identifying areas for continuous improvement in the organization’s cybersecurity practices based on analysis of incidents and risk data.
Intellectual Property Protection:
- Play a critical role in safeguarding the organization’s intellectual property, identifying potential threats and vulnerabilities that could put valuable data at risk.
- Develop and implement strategies to mitigate risks to intellectual property and other sensitive assets.
Collaboration and Communication:
- Collaborate with internal teams (IT, network security, and engineering) to ensure cohesive and effective threat response strategies.
- Serve as the subject matter expert for security incidents, threat analysis, and response processes within the SOC.
- Ensure the organization’s leadership and relevant stakeholders are kept informed of critical cybersecurity events and decisions.
Security Tool Management and Optimization:
- Oversee the configuration, optimization, and management of security tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), endpoint protection, and other monitoring solutions.
- Ensure that security tools are appropriately tuned to detect relevant threats and are providing effective coverage across all systems.
Reporting and Documentation:
- Maintain accurate and detailed documentation of security incidents, including analysis, findings, and mitigation steps.
- Prepare incident reports, post-mortem analyses, and regular updates to senior management on the SOC’s performance, emerging threats, and ongoing mitigation efforts.
- Ensure compliance with industry standards and regulatory requirements in incident documentation and reporting.
Continuous Improvement and Best Practices:
- Foster a culture of continuous improvement within the SOC by assessing performance metrics, conducting after-action reviews, and implementing process improvements.
- Stay up-to-date with the latest cybersecurity threats, trends, and best practices to ensure the SOC operates effectively and remains aligned with industry standards.
Required Qualifications:
- Experience: 10+ years of experience in cybersecurity, with at least 4 years in a leadership role within a SOC or security operations environment.
- Certifications: Certifications in cybersecurity analysis such as OSCP, or equivalent certifications are strongly preferred. CISSP, CISM, GCIH, GCIA or equivalent certifications are nice to have.
- Technical Expertise: Proven expertise in network defense, incident response, threat detection, vulnerability management, and security operations.
- Incident Response: Strong experience leading incident response efforts, including network intrusions, malware infections, and data breaches.
- Data Analysis: Experience with analyzing large volumes of data (network traffic, logs, threat intelligence) to identify cybersecurity risks and respond effectively.
- Leadership Skills: Proven ability to lead and mentor a team, manage operations, and communicate complex security issues to both technical and non-technical stakeholders.
- Communication: Exceptional written and verbal communication skills, with the ability to clearly present technical information to senior leadership.
A notification to prospective applicants that reviews, and tests for the absence of any illegal drug as defined in 10 CFR 707.4, will be conducted by the employer and a background investigation by the Federal government may be required to obtain an access authorization prior to employment, and that subsequent reinvestigations may be required. The position is covered by the Counterintelligence Evaluation Program regulations at 10 CFR part 709, the announcement should also alert applicants that successful completion of a counterintelligence evaluation may include a counterintelligence-scope polygraph examination.
As a federal contractor, we are committed to fair and equitable employment practices. We make employment decisions based on job-related qualifications, merit, contract requirements, and legitimate business needs, and prohibit unlawful discrimination in all employment practices
As a federal contractor, we comply with Section 503 of the Rehabilitation Act and VEVRAA. No disability-related inquiries will be made prior to a conditional offer of employment, except as permitted by applicable law
Employee Rights Under the National Labor Relations Act (NLRA): As a federal contractor, the Company complies with Executive Order 13496 and informs employees of their rights under the National Labor Relations Act. Information regarding these rights is available at the workplace and from the National Labor Relations Board.
This position is covered by the Service Contract Labor Standards (SCLS). Compensation and fringe benefits will be provided in accordance with the applicable U.S. Department of Labor wage determination and any applicable collective bargaining agreement.
Medical, dental, vision, and 401k benefits are included with this position.