About the Company
We are a leading provider of Cybersecurity-as-a-Service (CSaaS), delivering advanced cyberthreat protection to small and medium-sized businesses (SMBs) across regulated industries, including the U.S. Defense Industrial Base (DIB). Our mission is to bring enterprise-grade security to organizations that traditionally lack access to high-quality, affordable protection.
Our AI-powered virtual SOC platform enables human and digital analysts to seamlessly serve as a customer’s day-to-day compliance and security operations team. We combine compliance management with expert-driven 24/7 security operations, guiding customers through frameworks such as CMMC and NIST CSF while delivering continuous threat monitoring, deep-spectrum™ threat hunting, incident response, vulnerability management, and security awareness training.
If you’re passionate about helping SMBs stay mission-focused without the constant worry of cyber risk, this is an opportunity to join a team building the future of cybersecurity.
About the Role
The SOC Manager is responsible for leading the day-to-day operations of a 24×7 virtual Security Operations Center. This role manages a team of analysts across all tiers, ensuring disciplined shift coverage, strong escalation practices, and seamless integration with incident response, threat intelligence, threat hunting, and detection engineering functions.
As an early team member, you will work closely with experienced security leaders, influence platform development, and help shape the operational foundation of a rapidly growing cybersecurity organization.
Responsibilities
1. Team Leadership & People Management
• Manage Tier 1, Tier 2, and Tier 3 analysts, providing daily leadership, coaching, and performance management.
• Conduct regular 1:1s, team meetings, and performance reviews with clear development plans.
• Foster a high-performance, collaborative SOC culture focused on growth, retention, and well-being.
• Oversee shift handoffs, holiday coverage, and surge staffing to maintain 24×7 readiness without burnout.
• Participate in hiring, onboarding, and ongoing skills development.
2. Escalation Management
• Own and refine the SOC escalation framework, including SLAs and communication protocols.
• Act as the escalation point for complex or high-severity security events, providing real-time guidance.
• Coordinate escalations to client teams, executives, and third-party responders.
• Conduct post-escalation reviews to identify gaps and drive improvements.
3. Integration with Incident Response
• Ensure SOC triage workflows align with the full MDR incident response lifecycle.
• Collaborate with IR teams to define, document, and train analysts on IR playbooks.
• Oversee analyst participation during active incidents and maintain situational awareness.
• Lead or facilitate post-incident reviews to extract lessons learned.
4. Integration with Threat Intelligence, Threat Hunting & Detection Engineering
• Operationalize threat intelligence within the SOC, ensuring analysts apply relevant insights.
• Facilitate regular TI briefings and knowledge-sharing sessions.
• Provide feedback to intelligence teams on relevance, gaps, and consumption patterns.
• Coordinate analyst involvement in threat hunting and ensure hunt outcomes feed back into SOC runbooks.
• Serve as the operational voice for detection engineering, surfacing feedback on alert fidelity, false positives, and coverage gaps.
• Participate in detection review processes and tuning prioritization.
5. Metrics, Reporting & Continuous Improvement
• Define, track, and report on key SOC operational metrics.
• Deliver regular operational briefings to leadership, highlighting trends, risks, and opportunities.
• Identify and drive improvements across processes, tooling, automation, and workflows.
• Maintain and enhance SOC runbooks, playbooks, and SOPs.
Required Qualifications
• 5+ years of experience in security operations, MDR, or managed security services.
• 2+ years in a team lead or management role.
• Experience managing a 24×7 SOC, including shift scheduling and on-call rotations.
• Deep understanding of SOC workflows: alert triage, investigation, escalation, and IR handoff.
• Working knowledge of threat intelligence frameworks (MITRE ATT&CK, Diamond Model, Kill Chain).
• Familiarity with threat hunting and detection engineering (e.g., Sigma, SIEM query development).
• Strong incident response background, including executing or overseeing IR playbooks and PIRs.
• Experience with SIEM platforms (Splunk, Sentinel, Chronicle, Elastic), EDR tools, and SOAR platforms.
• Proven ability to manage escalations under pressure with clear communication to technical and executive stakeholders.
• Strong people leadership and coaching skills with a track record of developing analyst talent.
• Excellent written and verbal communication skills.