SOC Lead

Washington, DC

Powder River Industries

WOSB, SDVOSB, VOSB, data science, devsecops, cyber, oracle, tanium, program management, information technology, engineering services, architecture and engineering, Powder River Industries


Description

The SOC Lead plays a pivotal role in managing the Security Operations Center, guiding the SOC team, and ensuring effective detection and response to cybersecurity incidents. They must leverage their deep technical expertise to identify risks, improve methodologies, and protect the organization’s intellectual property from evolving threats. This role demands a combination of leadership, technical skills, and the ability to communicate complex cybersecurity issues to diverse stakeholders.  

Requirements

Leadership and Team Management: 

  • Lead, manage, and mentor the SOC team, ensuring day-to-day operations run smoothly and efficiently. 
  • Provide guidance, feedback, and training to SOC analysts to improve their performance and skillset. 
  • Ensure 24/7 operational readiness of the SOC, including shift coverage and resource management. 

Incident Response and Management: 

  • Lead the SOC team in the identification, analysis, and response to cybersecurity incidents (attempted or successful intrusions, malware, data breaches, etc.). 
  • Reconstruct timelines of events based on network defense data to analyze network intrusions and attacks. 
  • Serve as the escalation point for complex or high-priority incidents, ensuring proper incident handling and resolution. 
  • Support enterprise-wide incident response, collaborating with IT and cybersecurity teams to manage and mitigate threats. 
  • Continuously strengthen incident response methodologies to improve response times and effectiveness. 

Threat Detection and Mitigation: 

  • Develop and support threat detection capabilities to proactively identify emerging risks and vulnerabilities. 
  • Analyze large volumes of network traffic, system logs, and threat intelligence data to uncover potential threats. 
  • Use network operations expertise to predict potential attack vectors and devise proactive defense strategies. 
  • Provide recommendations on improving threat data collection and ensuring high-quality data is available for analysis. 

Cybersecurity Risk Analysis: 

  • Analyze cybersecurity risks and communicate these risks to key decision-makers in a clear, concise manner to support informed decision-making. 
  • Translate complex technical risks into actionable insights for non-technical stakeholders, including management and senior leadership. 
  • Assist in identifying areas for continuous improvement in the organization’s cybersecurity practices based on analysis of incidents and risk data. 

Intellectual Property Protection: 

  • Play a critical role in safeguarding the organization’s intellectual property, identifying potential threats and vulnerabilities that could put valuable data at risk. 
  • Develop and implement strategies to mitigate risks to intellectual property and other sensitive assets. 

Collaboration and Communication: 

  • Collaborate with internal teams (IT, network security, and engineering) to ensure cohesive and effective threat response strategies. 
  • Serve as the subject matter expert for security incidents, threat analysis, and response processes within the SOC. 
  • Ensure the organization’s leadership and relevant stakeholders are kept informed of critical cybersecurity events and decisions. 

Security Tool Management and Optimization: 

  • Oversee the configuration, optimization, and management of security tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), endpoint protection, and other monitoring solutions. 
  • Ensure that security tools are appropriately tuned to detect relevant threats and are providing effective coverage across all systems. 

Reporting and Documentation: 

  • Maintain accurate and detailed documentation of security incidents, including analysis, findings, and mitigation steps. 
  • Prepare incident reports, post-mortem analyses, and regular updates to senior management on the SOC’s performance, emerging threats, and ongoing mitigation efforts. 
  • Ensure compliance with industry standards and regulatory requirements in incident documentation and reporting. 

Continuous Improvement and Best Practices: 

  • Foster a culture of continuous improvement within the SOC by assessing performance metrics, conducting after-action reviews, and implementing process improvements. 
  • Stay up-to-date with the latest cybersecurity threats, trends, and best practices to ensure the SOC operates effectively and remains aligned with industry standards. 

Required Qualifications: 

  • Experience: 10+ years of experience in cybersecurity, with at least 4 years in a leadership role within a SOC or security operations environment. 
  • Certifications: Security certifications such as CISSP, CISM, GCIH, GCIA, or equivalent are strongly preferred. 
  • Technical Expertise: Proven expertise in network defense, incident response, threat detection, vulnerability management, and security operations. 
  • Incident Response: Strong experience leading incident response efforts, including network intrusions, malware infections, and data breaches. 
  • Data Analysis: Experience with analyzing large volumes of data (network traffic, logs, threat intelligence) to identify cybersecurity risks and respond effectively. 
  • Leadership Skills: Proven ability to lead and mentor a team, manage operations, and communicate complex security issues to both technical and non-technical stakeholders. 
  • Communication: Exceptional written and verbal communication skills, with the ability to clearly present technical information to senior leadership. 

Additional Qualifications: 

  • Strong understanding of network operations and how attackers exploit networks. 
  • Ability to predict potential attack vectors based on current threat intelligence and historical data. 
  • Strong analytical skills, able to translate complex data into actionable insights for decision-makers. 
  • Experience with intellectual property protection strategies and threat data collection methodologies. 

Non-Negotiable Requirements:  

1. Top Secret clearance with an investigation current within the last 5 years  

2. On-site, no remote  


Technical Environment: Microsoft, Linux, Splunk, Ansible, Tenable, GEMS 


Prospective applicants are notified that reviews and tests for the absence of any illegal drug, as defined in 10 CFR 707.4, will be conducted by the employer, and that a background investigation by the Federal government may be required to obtain an access authorization prior to employment; subsequent reinvestigations may also be required. If the position is covered by the Counterintelligence Evaluation Program regulations at 10 CFR part 709, successful completion of a counterintelligence evaluation, which may include a counterintelligence-scope polygraph examination, may also be required.  


All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.   

Category: Leadership Jobs

Tags: Ansible CISM CISSP Compliance Exploit GCIA GCIH IDS Incident response Intrusion detection IPS Linux Malware Monitoring NetOps Network security Polygraph Risk analysis SIEM SOC Splunk Threat detection Threat intelligence Top Secret Vulnerabilities Vulnerability management

Perks/benefits: Team events

Region: North America
Country: United States
