Job was saved successfully.
Job was removed from Saved Jobs.

Job Details


Security Operations Center (SOC) Manager



Full Time

On Site


Reston, Virginia, United States


Job Description:

The Intelligence Group (IG) is looking for a Security Operations Center (SOC) Manager to support the DHS’s ACTS Program. This position is responsible for leading the Security Operations Center CISA in Pensacola, Florida. The SOC consists of a variety of highly-skilled, technical staff performing Monitoring and Analysis, Cyber Incident Handling, Threat Intelligence & Hunting, non-compliance reporting, user activity monitoring, malware and forensic analysis, vulnerability assessments and penetration testing of on-prem and cloud environments. Furthermore, the SOC Manager coordinates 24x7 staffing to support mission-critical operations, including incident response, and manages surge support.

Primary Responsibilities

  • Plan, direct, and manage day-to-day activities across the Security Operations Center
  • Drive implementation and improvement of new tools, capabilities, frameworks, and methodologies across all teams within the SOC
  • Accountable for the timeliness and efficiency of identification, isolation, mitigation, and reporting of critical incidents by the SOC
  • Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, knowledge management, and SOC operations
  • Familiarity with Cloud concepts and experience performing monitoring and responding to threats in Cloud environments.
  • Promote and drive implementation of automation and process efficiencies
  • Validate continual improvement and technical advances
  • Maintain a forward-leaning ops tempo that includes continual validation and improvement across all SOC functions.
  • Maintain situational awareness of escalated events and alerts, tools status, vulnerability status, forensics and malware investigations, intelligence status, and all other SOC functions
  • Experience reporting on SOC activities and deliver SOC recommendations in accordance with government and contractual requirements
  • Provide customers with remediation recommendations
  • Create, review, and approve new procedural documentation

Basic Qualifications

  • Bachelor’s degree and 8+ years of relevant experience or Master’s degree with 6+ years of prior relevant Quality Management experience. Years of experience may be used in lieu of degree.
  • 4+ years of supervising and/or managing teams
  • 5+ years of intrusion detection and/or incident handling experience
  • CISSP and SANS GCIH or GCIA required upon start
  • Advanced knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) and/or Security Operations Center (SOC) operations for a large and complex Enterprise
  • Significant experience supervising and leading employees of various labor categories and technical skill levels in efforts similar in size and scope to a mature Security Operation
  • Mature understanding of industry accepted standards for incident response actions and best practices related to SOC operations;
  • Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.
  • Strong analytical and troubleshooting skills.
  • Must be a US Citizen.
  • Must be Top Secret – Sensitive Compartmented Information (TS/SCI) Eligible

Preferred Qualifications

  • Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
  • Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large-scale incident response.
  • Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
  • Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
  • Familiarity with Cloud concepts and experience performing monitoring and responding to threats in Cloud environments.
  • Familiarity with the Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) National Cyber Incident Scoring System (NCISS)
  • Familiarity with identifying High Value Assets (HVAs) and coordinating enhanced cyber response actions required to protect and return these HVAs to service in the event of an outage

Pay Range:Pay Range $113,100.00 - $174,000.00 - $234,900.00