Lead end-to-end incident response activities, including detection, containment, eradication, recovery, and post-incident review
Direct SOC analysts in threat detection, triage, investigation, and remediation efforts
Maintain accurate incident documentation, escalation workflows, ticket management, and timely event resolution
Develop and implement SOAR workflows to automate investigations, response actions, and repetitive security tasks
Improve operational efficiency and reduce MTTR through process automation and continuous optimization
Develop custom SIEM detection rules and signatures based on evolving business needs, threat intelligence, and threat hunting findings
Develop, track, and report SOC KPIs, including MTTD, MTTA, MTTR, dwell time, false positives, and incident closure rates
Provide leadership with regular updates on security operations, incident trends, and overall security posture
Maintain and improve SOC strategies, policies, SOPs, playbooks, and operational processes
Required Qualifications:
Deep technical hands-on knowledge of security monitoring tools and technologies including SIEM, IDS/IPS, EDR/XDR, NDR, firewalls, and SOAR platforms
Strong understanding of threat intelligence, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and attack methodologies
Expert knowledge of security frameworks and methodologies including NIST Cybersecurity Framework, ISO 27001, MITRE ATT&CK, etc.
Proficiency in log analysis, network traffic analysis, threat hunting techniques, and behavioral analysis
Strong understanding of cloud security principles and cloud-native security tools
Fundamental understanding of programming and scripting languages (Python, PowerShell, Bash) for automation, log parsing, and data analysis
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent professional experience).
Requirements
Experience in the financial services industry with deep understanding of financial sector threat landscape, regulatory requirements.
Experience Requirements:
Minimum 8-10 years of progressive experience in information security and cybersecurity operations
Minimum 7 years of hands-on experience in security operations, with demonstrated expertise across all three SOC tiers (Tier 1 triage, Tier 2 incident response, and Tier 3 threat hunting/advanced analysis)
Minimum 5 years of direct SOC management experience, including team leadership, resource planning, and operational oversight
Minimum 2 years of hands-on experience with SIEM platforms, including rule creation, testing, tuning, and change management
Proven experience managing 24/7 security operations with demonstrable results in incident response effectiveness
Additional Information
Position Overview:
We are seeking an experienced and highly skilled Security Operations Center (SOC) Manager to lead our cybersecurity operations team. The SOC Manager will oversee the full security operations lifecycle, from threat detection and incident response to team development and planning. This role is critical to ensure our organization maintains a robust security posture while managing day-to-day security operations.
Myhrhome · Baltimore, MD