Security Operations Center Lead
Job Summary

The Security Operations Center Lead is responsible for leading the day-to-day operations of the University's Security Operations Center, including cybersecurity monitoring, alert triage, incident response coordination, operational reporting, and continuous improvement of SOC processes. This position serves as the primary operational lead for the SOC and provides technical supervision, mentorship, and professional development for undergraduate and graduate student analysts. The position ensures that security events are investigated, documented, escalated, and remediated in accordance with approved procedures, response playbooks, and institutional priorities. The lead collaborates closely with Information Technology Services, the Information Security Office, Help Desk, Client Services, and other university stakeholders and external partners to protect University systems, data, services, and users while supporting the broader mission of cybersecurity education, workforce development, and institutional risk reduction.

FGCU is building a culture of curiosity, commitment and collaboration. We value employees who successfully work with others and drive positive change through critical thinking and decisive action. If you thrive in an environment of innovation, accountability and mutual respect, you will find a good home here.

Job Description

Typical duties may include but are not limited to:

Leads day-to-day Security Operations Center (SOC) activities, including security monitoring, alert triage, investigation, escalation, incident response coordination, operational reporting, and analyst shift oversight.
Participates in after-hours incident response, emergency escalation, and on-call support as needed to address significant cybersecurity events or operational requirements.
Recruits, hires, trains, mentors, and supervises undergraduate and graduate student analysts. Provides ongoing coaching, performance feedback, and career development support.
Develops and maintains a structured student analyst training program covering alert triage, SIEM operations, threat detection, MITRE ATT&CK methodologies, digital forensics fundamentals, investigation procedures, and incident response workflows.
Develops or supports cybersecurity exercises, tabletop scenarios, and incident response drills to evaluate readiness and improve coordination among SOC personnel, ITS teams, and university stakeholders.
Establishes analyst progression standards, operational guardrails, and escalation thresholds to ensure student analysts operate within approved authority and documented procedures.
Performs security monitoring, investigation, and incident response activities as needed to maintain SOC operations during periods of reduced student staffing or elevated operational demand.
Reviews, validates, and directs security investigations, ensuring security events are properly analyzed, documented, escalated, and communicated in accordance with established policies, procedures, and response playbooks.
Serves as the operational lead during significant cybersecurity incidents, coordinating response activities with Information Technology Services (ITS), university leadership, legal counsel, human resources, communications personnel, and external partners as appropriate.
Maintains and improves detection, monitoring, and response capabilities across security technologies, including SIEM, endpoint detection and response (EDR), cloud security platforms, and related cybersecurity tools.
Develops, maintains, and updates SOC playbooks, standard operating procedures, workflows, and documentation to support consistent and effective security operations.
Manages relationships with managed security service providers (MSSPs), incident response vendors, and other external security partners to support monitoring, investigation, and response activities.
Supports security operations and incident response activities involving regulated or sensitive institutional data, including data subject to FERPA, GLBA, PCI DSS, HIPAA where applicable, and university policies.
Escalates actionable cybersecurity risks, incidents, and operational concerns to the Chief Information Security Officer (CISO) and other designated stakeholders.
Maintains security operations documentation and reports on security metrics, incident trends, operational performance, and student program outcomes.
Conducts or supports audits, compliance activities, and security reviews.
Conducts post-incident reviews and broader security process evaluations to identify lessons learned, document corrective actions, and recommend improvements to detection logic, response procedures, communication workflows, and operational controls to enhance overall SOC effectiveness and operational efficiency.
Communicates technical security findings, risks, and operational impacts in clear, non-technical language suitable for university leadership and business stakeholders.
Contributes to broader information securit