SOC Supervisor

Bogotá, Colombia

Auxis

Auxis is a leading management consulting and outsourcing firm focused on helping organizations achieve Peak Performance in their Back-Office Operations.


Job Summary

The SOC Supervisor steers day‑to‑day Security Operations Center activities in alignment with corporate security objectives and leading‑practice frameworks such as NIST CSF, MITRE ATT&CK and ITIL. Analysts and team leads are provided with the appropriate tools, well‑defined processes and up‑to‑date documentation to detect, investigate and respond to cyber‑threats around the clock, consistently meeting SLA/KPI targets and maintaining high customer‑satisfaction scores.

Responsibilities

The SOC Supervisor provides strategic and operational leadership to the Security Operations Center, directing a multidisciplinary team of analysts to deliver continuous threat monitoring, incident response and cyber‑defense services. The role aligns SOC capabilities with organizational objectives and recognized frameworks (ITIL, NIST CSF, MITRE ATT&CK), safeguards system availability and performance, and ensures service‑level and customer‑satisfaction targets are consistently achieved. Responsibilities include cultivating a high‑performance culture, standardizing and automating processes, optimizing tooling and runbooks, and serving as the principal liaison with clients and internal stakeholders to communicate risk posture, performance metrics and improvement initiatives.

  • Oversee continuous tracking of security events and alerts using SIEM tools.
  • Analyze and correlate security data to identify potential threats and vulnerabilities.
  • Ensure timely and accurate detection of security incidents to maintain high system availability and security posture.
  • Lead the SOC team in responding to security incidents, ensuring effective containment, eradication, and recovery.
  • Act as Incident Manager for major incident outages, coordinating cross-functional responses.
  • Work closely with and in support of the IT Operations Center, Service Desk, Engineering team and vendors to expedite issue resolution.
  • Develop and implement incident response plans, playbooks, and standard operating procedures (SOPs).
  • Coordinate with external partners, law enforcement, and other stakeholders during major security incidents.
  • Perform analysis and reporting of different metrics related to team performance and incident handling.
  • Prepare comprehensive reports, metrics, and presentations for senior management and stakeholders.
  • Identify opportunities for automation and process improvement to enhance the SOC’s operational efficiency.
  • Support the overall management and process improvements for SOC in accordance with company goals.
  • Implement and manage automated workflows, scripts, and tools to streamline security operations and incident response.
  • Maintain detailed and accurate documentation of security incidents, response actions, and lessons learned.
  • Contribute to the development and enhancement of Standard Operational Procedure (SOP) documentation and security policies.
  • Contribute to the hiring, mentoring, performance management and retention of staff.
  • Follow up on team members' yearly goals.
  • Conduct monthly, mid-year and annual reviews.
  • Receive services for onboarded clients and ensure the team can deliver the support.
  • Serve as backup for Security Operation Center analysts as needed.

Skills and Experience

  • Experience:
    • Minimum of 4+ years working experience in a security operations center (SOC), network operations center, or a related field.
    • Minimum of 3+ years working experience in supervising or managing a team of 5 or more individuals (Nice to Have).
    • Experience with the basic administration of Windows servers (v. 2019-2025), including a fundamental understanding of security infrastructure.
    • Intermediate‑level knowledge of administering and securing workloads in both Microsoft Azure and Amazon Web Services (AWS) environments is required.
    • Experience in incident response, threat detection, and security monitoring.
  • Education:
    • A bachelor's degree in Computer Science, Industrial Engineering, Information Technology, or related fields. Alternatively, a minimum of five years of equivalent working experience.
    • Have at least one of the following certifications: GIAC Certified Incident Handler, Microsoft (AZ-500, SC-200 or SC-300), AWS (Security Specialty), EC-Council (Ethical Hacker, Network Defense) or similar certification.
    • Additional certifications are advantageous.

  • Technical Competencies:
    • Knowledge of or training in best practices or IT frameworks, such as ITIL. ITIL Certified (Nice to Have).
    • Patching Management: Good understanding of patching management best practices.
    • Security Monitoring Tools: Proficient in using and managing SIEM tools (e.g., MS Sentinel, Wazuh) and other security monitoring applications.
    • Incident Response: Understanding of incident response processes and security incident management.
    • Security Frameworks: Familiarity with security frameworks and standards (e.g., NIST CSF, ISO 27001, MITRE ATT&CK).
    • Active Directory Services: Knowledge of Active Directory and its security implications.
    • Cloud Computing: Familiarity with cloud computing concepts and basic security operations in cloud environments (e.g., AWS, Azure).
    • Virtualization Technologies: Understanding of virtualization technologies (e.g., VMware).
    • Email Security: Familiarity with MS Office 365 and email security applications.
    • Virtualization and Server Administration: Basic knowledge of Windows Server (2012-2019) and Linux administration.
    • Disaster Recovery: Basic knowledge of disaster recovery techniques and business continuity planning.
    • Excellent written, verbal, and interpersonal skills.
    • Knowledge of threat intelligence lifecycle stages, including collection, analysis, and dissemination. Experience integrating threat intelligence feeds into SIEMs and other security tools to improve detection and response.
    • Familiarity with emerging threat actor tactics and the ability to map TTPs to frameworks such as MITRE ATT&CK to enhance defense strategies.
    • Proficiency in using threat intelligence platforms (e.g., ThreatConnect, Recorded Future) and leveraging both commercial and open-source threat intelligence feeds to identify and mitigate current and emerging threats.

  • Personal Competencies:
    • Effectively lead and motivate a team in charge of responding to a 24/7 operation with high peaks of workload.
    • Actively seeks ways to help clients and ensures a positive customer experience.
    • Listens and communicates clearly to support organizational objectives.
    • Uses logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions, or approaches to problems.
    • Demonstrates honesty and adheres to strong moral principles in all professional interactions.
    • Actively collaborates with team members to achieve a common goal or complete tasks effectively and efficiently.
    • Demonstrates the ability to adapt to changed circumstances or environments, learning from experience to improve competitiveness.
    • Possess the capacity to understand and analyze situations when multiple issues or tasks arise simultaneously, working in the correct order based on impact and urgency.
    • Exhibits ability to provide clear, concise, & constructive feedback for growth & development to direct & indirect reports on a regular basis.
    • Demonstrates ability to work independently and in a group to produce successful results.

  • Language Skills:
    • Proficiency in English and Spanish (oral and written at 85% or higher), with a minimum of C1+ level proficiency in both languages being a requirement.

Tags: Active Directory Automation AWS Azure Cloud Computer Science GIAC Incident response Industrial ISO 27001 ITIL Linux MITRE ATT&CK Monitoring NetOps NIST Sentinel SIEM SOC Threat detection Threat intelligence TTPs VMware Vulnerabilities Windows

Perks/benefits: Career development Startup environment Team events

Region: South America
Country: Colombia
