- Company Name
- Ariento
- Job Title
- Security Operations Center (SOC) Manager/Team Lead
- Job Description
-
Job title: Security Operations Center (SOC) Manager/Team Lead
Role Summary: Lead a 24/7 SOC team, managing day‑to‑day operations, analyst development, incident response, vulnerability management, and compliance with NIST 800‑171, CMMC, and related frameworks.
Expectations: Oversee SOC workflow, maintain service delivery KPIs, serve as escalation point for critical incidents, deliver audit-ready documentation, engage stakeholders, and drive continuous improvement in detection, automation, and processes.
Key Responsibilities:
- Manage daily SOC operations, shift coverage, ticketing, vulnerability scanning, and incident response.
- Mentor and develop SOC analysts; provide coaching, feedback, and escalations.
- Monitor performance metrics, optimize workflows, and maintain service delivery KPIs.
- Act as primary escalation point for critical incidents, coordinating cross‑functional response.
- Lead vulnerability program to identify and remediate flaws across the technology stack.
- Guide analysts through containment, eradication, and recovery activities.
- Ensure consistent use of SIEM, EDR, SOAR, and threat intelligence tools (e.g., Sumo Logic, Defender, Microsoft 365).
- Refine detection rules, playbooks, and response procedures.
- Conduct threat intelligence and vulnerability assessments.
- Execute and sustain security and compliance monitoring; support internal and client audits (NIST 800‑171, CMMC).
- Maintain audit documentation farm and deliver artifacts to clients.
- Communicate incident details and SOC status to internal and external stakeholders.
- Onboard new SOC clients: tuning, baselining, and knowledge transfer.
- Collaborate with support and development teams to drive broader security initiatives.
- Identify automation and efficiency opportunities; document SOPs, KPIs, and operational standards.
- Conduct disaster recovery and incident response drills.
Required Skills:
- 3–5+ years of SOC leadership and people‑management experience.
- Deep knowledge of SIEM/EDR technologies, detection logic, and investigative methodologies.
- Experience in regulated environments (DoD, DFARS/CMMC, NIST 800‑171).
- Hands‑on log aggregation, malware analysis, incident response, and DevOps integration.
- Strong understanding of vulnerability management processes.
- Excellent communication, stakeholder engagement, and documentation skills.
Required Education & Certifications:
- Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
- Certifications: Security+, CySA+, GCIH, GCIA, CISSP, CCA, CCP (preferred).
- Experience with Sumo Logic and Microsoft 365 tools; familiarity with MDR/SOC service environments and client onboarding.