SOC Lead
Zachary Piper Solutions · Manassas, VA · 1 wk ago
On-siteManagement$160k–$170k/yrFull-time
Role & Responsibilities
- Leadership and Team Management
- Lead, manage, and mentor the SOC team, ensuring day-to-day operations run smoothly and efficiently.
- Provide guidance, feedback, and training to SOC analysts to improve their performance and skillset.
- Ensure 24/7 operational readiness of the SOC, including shift coverage and resource management.
- Incident Response and Management
- Lead the SOC team in the identification, analysis, and response to cybersecurity incidents (attempted or successful intrusions, malware, data breaches, etc.).
- Reconstruct timelines of events based on network defense data to analyze network intrusions and attacks.
- Serve as the escalation point for complex or high-priority incidents, ensuring proper incident handling and resolution.
- Support enterprise-wide incident response, collaborating with IT and cybersecurity teams to manage and mitigate threats.
- Continuously strengthen incident response methodologies to improve response times and effectiveness.
- Threat Detection and Mitigation
- Develop and support threat detection capabilities to proactively identify emerging risks and vulnerabilities.
- Analyze large volumes of network traffic, system logs, and threat intelligence data to uncover potential threats.
- Use network operations expertise to predict potential attack vectors and devise proactive defense strategies.
- Provide recommendations on improving threat data collection and ensuring high-quality data is available for analysis.
- Cybersecurity Risk Analysis
- Analyze cybersecurity risks and communicate these risks to key decision-makers in a clear, concise manner to support informed decision-making.
- Translate complex technical risks into actionable insights for non-technical stakeholders, including management and senior leadership.
- Absorb areas for continuous improvement in the organization’s cybersecurity practices based on analysis of incidents and risk data.
- Intellectual Property Protection
- Play a critical role in safeguarding the organization’s intellectual property, identifying potential threats and vulnerabilities that could put valuable data at risk.
- Develop and implement strategies to mitigate risks to intellectual property and other sensitive assets.
- Collaboration and Communication
- Collaborate with internal teams (IT, network security, and engineering) to ensure cohesive and effective threat response strategies.
- Serve as the subject matter expert for security incidents, threat analysis, and response processes within the SOC.
- Ensure the organization’s leadership and relevant stakeholders are kept informed of critical cybersecurity events and decisions.
- Security Tool Management and Optimization
- Oversee the configuration, optimization, and management of security tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), endpoint protection, and other monitoring solutions.
- Ensure that security tools are appropriately tuned to detect relevant threats and are providing effective coverage across all systems.
- Reporting and Documentation
- Maintain accurate and detailed documentation of security incidents, including analysis, findings, and mitigation steps.
- Prepare incident reports, post-mortem analyses, and regular updates to senior management on the SOC’s performance, emerging threats, and ongoing mitigation efforts.
- Ensure compliance with industry standards and regulatory requirements in incident documentation and reporting.
- Continuous Improvement and Best Practices
- Foster a culture of continuous improvement within the SOC by assessing performance metrics, conducting after-action reviews, and implementing process improvements.
- Stay up-to-date with the latest cybersecurity threats, trends, and best practices to ensure the SOC operates effectively and remains aligned with industry standards.
- Experience: 10+ years of experience in cybersecurity, with at least 4 years in a leadership role within a SOC or security operations environment.
- Certifications: Certifications in cybersecurity analysis such as CISSP, CISM, GCIH, GCIA, or equivalent certifications are strongly preferred.
- Technical Expertise: Proven expertise in network defense, incident response, threat detection, vulnerability management, and security operations.
- Incident Response: Strong experience leading incident response efforts, including network intrusions, malware infections, and data breaches.
- Data Analysis: Experience with analyzing large volumes of data (network traffic, logs, threat intelligence) to identify cybersecurity risks and respond effectively.
- Leadership Skills: Proven ability to lead and mentor a team, manage operations, and communicate complex security issues to both technical and non-technical stakeholders.
- Communication: Exceptional written and verbal communication skills, with the ability to clearly present technical information to senior leadership.