SOC Manager
About the role
This role supports the Virginia Information Technology Agency (VITA) and leads the day-to-day operations of the Tier I, II, and III analyst team within the VITA SOC.
Responsibilities
- Lead the team in managing the day-to-day operations of the SOC, including team performance, shift coverage, analyst development, and ensuring Service Level Agreement (SLA) compliance.
- Oversee containment and remediation activities for complex incidents and ensure proper documentation and customer communication throughout the incident lifecycle.
- Provide expertise with Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), threat hunting, and threat intelligence; own customer-facing escalation and remediation activities.
- Recognize successful and unsuccessful intrusion attempts; triage security events and accurately prioritize and escalate incidents per established runbooks.
- Detect the full spectrum of known cyberattacks (DDoS, malware, phishing, ransomware, and others) and correlate events across capabilities to identify attacks and breaches.
- Examine malware analysis reports to correlate similar events across incidents; document and report actions taken by malicious actors in customer networks.
- Recommend appropriate methods of system remediation and threat mitigation; prepare incident reports detailing analysis methodology and results.
- Build, maintain, and optimize Splunk dashboards and reports that provide operational visibility into threat activity, SOC performance metrics, and incident trends for analysts and leadership.
- Develop and maintain automated detection workflows, correlation searches, and alert actions in Splunk to reduce analyst workload, minimize false positives, and accelerate response to high-priority threats.
- Write and maintain SPL searches, scheduled reports, and lookup-driven workflows; leverage scripting (Python, PowerShell) to extend Splunk capabilities and support security automation where needed.
- Conduct log and system analysis for network and security devices; create and update detection rules and signatures in security tools and applications.
- Document emerging threat intelligence and reported IOCs for security tool integrations.
- Align detections and logging with frameworks and controls: NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX as applicable to the customer environment.
- Develop and tune detection content — including use cases, correlation rules, and alert logic — to improve fidelity and reduce noise across the SOC environment.
- Analyze and act on intelligence information to secure customer networks and devices.
- Work with CyberArk to manage privileged access in a government or enterprise SOC environment.
- Lead, supervise, and develop a team of Tier I, II, and III SOC analysts; manage shift scheduling, performance expectations, and analyst career development in alignment with program objectives.
- Own SOC SLA compliance and performance reporting; deliver regular operational metrics, trend analysis, and executive-level briefings to program leadership and the customer.
- Manage expectations, communicate incident status, and build trusted working relationships with VITA stakeholders.
- Drive continuous improvement across SOC processes, runbooks, and playbooks; conduct post-incident retrospectives and implement lessons learned to strengthen team posture and detection capability.
Qualifications
- Bachelor's degree or equivalent experience
- 5 or more years of experience in cybersecurity operations, including demonstrated supervisory or team lead experience in a SOC environment
- Ability to obtain and maintain a public trust
- Splunk experience — advanced SPL, dashboard development, automated alerting, and correlation search creation in an operational SOC environment
- CyberArk experience — privileged access management in a government or enterprise SOC environment
- Qualifying certification to meet DoD 8140/DCWF CSSP Analyst requirements within 6 months of start: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+
- Louisiana residency; living within a reasonable commutable distance (approximately 60 miles or less) of the Bossier City facility
Skills
- Information Security Operations
- IT Leadership
- Security Monitoring Operations
- Security Operations
- Splunk Administration
- Security Automation
- Scripting (Python, PowerShell, or Bash)
- Threat Hunting
- Indicators of Compromise (IOCs)
- Tactics, Techniques, and Procedures (TTPs)
- Threat Intelligence
- Automated Detection Workflows
- Correlation Searches
- Alert Actions
- Log and System Analysis
- Detection Rules and Signatures
- NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX
Benefits
The position offers comprehensive benefits and wellness packages, including a 401(k) plan with company match, competitive pay and paid time off, and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement, and jury duty leave. GDIT also provides short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness, and business travel and accident insurance.
Pay
$110,500 - $149,500
Schedule
40 hours per week
Additional Work Locations
Total Rewards: Medical plans, dental plan, vision plan, 401(k) plan with company match, competitive pay and paid time off, full flex work weeks, paid parental, military, bereavement, and jury duty leave, short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness, and business travel and accident insurance.
Additional Information
GDIT is an equal opportunity employer / individuals with disabilities / protected veterans