Job Details
Security Operations Center (SOC) Manager
Job Description
This position is responsible for leading the Security Operations Center (SOC) for a law enforcement agency. The SOC consists of a variety of highly-skilled, technical staff performing Monitoring and Analysis, Cyber Incident Handling, Threat Intelligence & Hunting, non-compliance reporting, user activity monitoring, malware and forensic analysis, vulnerability assessments and penetration testing. Furthermore, the SOC Manager coordinates 24x7 staffing to support mission-critical operations, including incident response, and manages surge support.
Primary Responsibilities
- Plan, direct, and manage day-to-day activities across the Security Operations Center as well as high-tempo, high-visibility incident response efforts
- Drive implementation and improvement of new tools, capabilities, frameworks, and methodologies across all teams within the SOC
- Accountable for the timeliness and quality of reporting produced by the SOC
- Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations
- Promote and drive implementation of automation and process efficiencies
Basic Qualifications
- Bachelor's degree and 8+ years of prior cybersecurity experience. Additional work experience or cyber courses/certifications may be substituted for the degree
- 4+ years of supervising and/or managing teams
- 5+ years of intrusion detection and/or incident handling experience
- CISSP and SANS GCIH or GCIA required upon start
- Advanced knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) and/or Security Operations Center (SOC) operations for a large and complex Enterprise
- Significant experience supervising and leading employees of various labor categories and technical skill levels in efforts similar in size and scope to a mature Security Operation
- Mature understanding of industry accepted standards for incident response actions and best practices related to SOC operations.
- Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.
- Strong analytical and troubleshooting skills.
- Must be a US Citizen.
- Must be Top Secret – Sensitive Compartmented Information (TS/SCI) Eligible
Preferred Qualifications
- Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
- Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large-scale incident response.
- Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
- Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
- Familiarity with Cloud concepts and experience performing monitoring and responding to threats in Cloud environments.