SOC Manager

DEN Concourse A, United States

About Our Job

With competitive pay, great benefits, and endless opportunities, working for the City and County of Denver means seeing yourself working with purpose — for you, and those who benefit from your passion, skills and expertise. Join our diverse, inclusive and talented workforce of more than 11,000 team members who are at the heart of what makes Denver, Denver. 

What We Offer 

The City and County of Denver offers a competitive salary commensurate with education and experience. The salary target range we are looking to offer is $125,000 - $155,000. We also offer generous benefits for full-time employees which include but are not limited to: 

  • 140 hours of PTO earned within first year + 11 paid holidays, 1 personal holiday and 1 volunteer day per year. 
  • Competitive medical, dental and vision plans effective within 1 month of start date.
  • Pension Plan for Life (Employee contributes 8.45%, Employer matches at 17.95%)
  • 457(b) Retirement Plan (no early withdrawal fee!)
  • STD, LTD, HSA, FSA, Life Insurance
  • CARE Bank, Family Leave Benefits
  • Employee Assistance Program, Employee Volunteer Program
  • Tuition Reimbursement (up to $2000/year), We Qualify for Student Loan Forgiveness Program
  • Learning and Development Opportunities; Courses and Career Development Resources
  • EcoPass (unlimited free RTD bus/train rides)


Location

The City and County of Denver supports a hybrid workplace model. Employees work where needed, at a job site several days a week and off-site as needed. Employees must work within the state of Colorado on their off-site days.   

The City and County of Denver utilizes a hybrid model workplace that balances the responsibilities of public service with the benefits of a flexible work environment. Employees work where needed, at a city site and/or in the field at least 1 day a week and telecommute remotely at a designated workplace within the State of Colorado the remaining days.

What You’ll Do 

Job Responsibilities Summary:

The Security Operations Manager is responsible for overseeing a team of full-time employees, contract resources, and vendors to support DEN Security Operations. They prioritize the design, development, and maintenance of the team's technology infrastructure, including SIEM and security logging tools. The role includes administering the SIEM, ensuring security logs are maintained, and developing runbooks for incident response. They manage incident response, automate processes using SOAR, and enhance threat detection and response capabilities. Additionally, they conduct threat hunts, optimize threat intelligence feeds, support team development, and respond to audit documentation requests, while exploring new technologies to bolster the organization's security program.

Security Operations Management:

  • Oversee the management of full-time employees (FTEs), contract resources, and vendors dedicated to supporting Security Operations.
  • Set priorities for the design, development, and maintenance of the Security Operations team and the team’s supporting technology infrastructure, including security information and event management (SIEM) and security logging tools.
  • Administer the SIEM, leveraging personal experience and professional services to ensure it is properly configured and resourced.
  • Ensure security logs from DEN’s ever-growing IT footprint on-premises and in the cloud are properly integrated and maintained.
  • Create, maintain, and deprecate detection use cases.
  • Develop, implement, and maintain runbooks to appropriately respond to SIEM detections.

Incident Response and Automation:

  • Manage the day-to-day incident response including the investigation, containment and remediation of incidents observed by the SOC team, reported by DEN employees, and those escalated through the Managed Security Services Provider (MSSP).
  • Identify gaps from incidents and recommend cybersecurity control improvements, ensuring Information Security processes evolve to meet emerging threats.
  • Improve incident response times by implementing Security Orchestration, Automation, and Response (SOAR) wherever possible to automate responses to common events.
  • Enhance the organization's threat detection, threat intelligence, threat hunting, and incident response capabilities.
  • Maintain an on-call schedule to ensure business hours and after-hours coverage.
  • Perform quality assurance reviews for resolved events and incidents.
  • Provide meaningful performance metrics about people and system performance.

Threat Intelligence and Hunting:

  • Ensure that regular, thorough threat hunts are being performed, tracked, and reviewed by Security Operations Center (SOC) resources.
  • Optimize and augment threat intelligence feeds to ensure timely and quality data is captured and distributed appropriately.

Team Support and Development:

  • Conduct regular incident response simulations with the Information Security (IS) team.
  • Oversee SOC mentor requests from other IT teams.
  • Respond to documentation requests from internal and external audits.
  • Create process and procedure documentation as needed to support the SOC.
  • Explore and recommend new technologies to support the organization's Information Security (IS) program and SOC.

What You’ll Bring 

Denver International Airport (DEN) is the third-busiest airport in the United States and one of the top ten busiest airports in the world, connecting our community globally through flight and business. DEN is the primary economic engine for the state of Colorado, generating more than $36.4 billion for the region annually and employing nearly 37,000 people. At DEN, we are committed to fostering a diverse, inclusive and equitable workplace. We celebrate individuality and uplift all races, ethnicities, gender identities, national origins, ages, abilities, religion, and LGBTQIA+ communities. We know that our diversity makes us stronger, and we strive to keep Equity, Diversity, Inclusion & Accessibility (EDIA) at the center of all that we do.

We are looking for candidates with the following skills and experience:

  • Strong understanding of cyber security industry best practices and frameworks such as NIST CSF, CIS, MITRE ATT&CK, Cyber Kill Chain, etc., and knowledge of how to apply them in an enterprise environment.
  • In-depth understanding and real-world experience with technologies such as SIEM/SOAR (Splunk and Sentinel preferred), EDR/XDR, IDS/IPS, NAC, email gateways, EntraID/Azure AD/Active Directory, WAF, firewalls, and vulnerability management tools.
  • Experience identifying risks within cloud hybrid IT and OT environments, providing recommendations for risk mitigation, and working across IT and business teams to ensure that mitigations are implemented.
  • Excellent verbal and written communication skills with an eye toward customer service and the ability to convey complex information clearly to a less technical audience.
  • Relevant certifications such as CISSP, CISM, GCIA, GCIH, or similar are preferred but not necessarily required.
  • Working knowledge of AWS and Azure cloud security services.

Required Minimum Qualifications 

  • Education: Bachelor's Degree in Computer Science, Mathematics, Business, or a related field.  
  • Experience: Three (3) years of professional level information technology work at the type and level of a senior or full performance professional.  
  • Experience Equivalency: One (1) year of the appropriate type and level of experience may be substituted for each required year of post high school education. Additional appropriate education may be substituted for the minimum experience requirements.
  • Licensure & Certification: None.

Application Deadline 

This position is expected to stay open until February 7th, 2025. Please submit your application as soon as possible and no later than February 7th, 2025, at midnight to ensure consideration.

FBI Background Check: FBI criminal background check is required for all positions at Denver International Airport (DEN). Employees are also required to report any felony convictions and/or moving violations to maintain this clearance and be eligible for continued employment. By position, a pre-employment physical/drug test may be required.

 

Snow / Emergency Duties: Denver International Airport is a 24/7/365 team operation. If weather conditions warrant or an emergency crisis occurs, all DEN employees may be required to work extended hours and/or shifts.

About Everything Else

Job Profile

CI2787 IT Manager

To view the full job profile including position specifications, physical demands, and probationary period, click here.

Position Type

Unlimited

Position Salary Range

$122,009.00 - $207,415.00

Starting Pay

Based on relevant experience, education and internal equity

Agency

Denver International Airport

The City and County of Denver provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, disability, genetic information, age, or any other status protected under federal, state, and/or local law.

It is your right to access oral or written language assistance, sign language interpretation, real-time captioning via CART, or disability-related accommodations. To request any of these services at no cost to you, please contact Jobs@Denvergov.org with three business days’ notice.

Applicants for employment with the City and County of Denver must have valid work authorization that does not require sponsorship of a visa for employment authorization in the U.S.

For information about right to work, click here for English or here for Spanish.

Category: Leadership Jobs

Tags: Active Directory Automation AWS Azure CISM CISSP Clearance Cloud Computer Science Cyber Kill Chain EDR Firewalls GCIA GCIH IDS Incident response IPS Mathematics MITRE ATT&CK NIST Sentinel SIEM SOAR SOC Splunk Threat detection Threat intelligence Vulnerability management XDR

Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Flex vacation Health care Insurance Medical leave Startup environment Team events Unlimited paid time off

Region: North America
Country: United States
