SOC Manager
RADICL · Boulder, CO · 1 mo ago
On-siteManagementFull-time
About the role
The SOC Manager is responsible for leading the day-to-day operations of the RADICL vSOC. This role directly manages a team of security analysts across all tiers, ensuring 24×7 coverage through disciplined shift scheduling, rigorous escalation management, and continuous process improvement. The SOC Manager serves as the critical bridge between front-line analyst operations and the broader security programs — including incident response, threat intelligence, threat hunting, and detection engineering — ensuring seamless integration of analyst triage and investigation workflows into each discipline.
About You
- You enjoy fast-paced environments, bring a positive attitude, and excel at getting things done.
- You enjoy being part of a high performing team and are also able to self-direct and self-start.
- You consider yourself to be top tier talent and are eager to help others raise their game.
- You enjoy working with customers, are an excellent communicator, and able to engage and interact with people of various backgrounds and skill levels.
- You want your work to have meaning, to be important. You want to be part of creating something great.
As a RADICL SOC Manager, you will:
- Team Leadership & People Management
- Directly manage a team of Tier 1, Tier 2, and Tier 3 security analysts, providing day-to-day leadership, coaching, mentorship, and performance management.
- Conduct regular 1:1s, team meetings, and performance reviews; set clear goals and development plans aligned with individual and organizational objectives.
- Foster a high-performance, collaborative SOC culture with a focus on analyst growth, retention, and well-being across a 24×7 operational environment.
- Manage shift handoffs, holiday coverage, and surge staffing plans to address operational gaps without analyst burnout.
- Participate in hiring, onboarding, and skills development initiatives for the analyst team.
- Escalation Management
- Own and continuously refine the SOC escalation framework, ensuring clearly defined escalation paths, SLAs, and communication protocols.
- Serve as an escalation point for complex, high-severity, or ambiguous security events, providing real-time guidance and decision-making support to analysts.
- Cook up escalations to client security teams, executive stakeholders, and third-party responders as required, maintaining clear and timely communication throughout.
- Conduct post-escalation reviews to identify process gaps and drive continuous improvement.
- Integration with Incident Response
- Ensure analyst triage and investigation workflows are tightly integrated with the MDR incident response lifecycle, from initial detection through containment, eradication, and recovery.
- Collaborate with the Incident Response team to define and document IR playbooks, ensuring analysts are trained and prepared to execute them effectively.
- Oversee analyst participation in incident response activities, coordinating handoffs and maintaining situational awareness during active incidents.
- Conduct or facilitate post-incident reviews (PIRs) with the analyst team to extract lessons learned and drive process improvements.
- Integration with RADICL RAID Team (Adversary Intelligence and Detection Engineering)
- Partner with the RAID team to operationalize intelligence within the SOC, ensuring analysts are consuming and applying relevant TI in their daily triage and investigation activities.
- Facilitate regular TI briefings and knowledge-sharing sessions to keep the analyst team current on adversary TTPs, active threat campaigns, and client-relevant intelligence.
- Provide operational feedback to the RAID team on intelligence relevance, gaps, and analyst consumption patterns to continuously refine RAID outputs.
- Coordinate analyst involvement in threat hunting initiatives, including providing operational context and making analyst expertise available for collaborative hunts.
- Ensure hunt outcomes are fed back into SOC runbooks
- Serve as the primary operational voice into the Detection Engineering program, surfacing analyst feedback on alert fidelity, false positive rates, detection coverage gaps, and tuning opportunities.
- Coordinate structured feedback loops between analysts and detection engineers to drive continuous improvement in detection rule quality and alert triage efficiency.
- Participate in detection review processes, contributing operational context to prioritization decisions for new detections and tuning initiatives.
Your skillset/experience should include:
- Required Qualifications
- 5+ years of experience in security operations, MDR, or a managed security services environment, with at least 2 years in a team lead or management role.
- Demonstrated experience managing a 24×7 SOC or security analyst team, including shift scheduling and on-call management.
- Deep understanding of the SOC analyst workflow — from alert triage and investigation through escalation and incident response handoff.
- Working knowledge of threat intelligence frameworks (e.g., MITRE ATT&CK, Diamond Model, Kill Chain) and how TI is operationalized in a SOC.
- Familiarity with threat hunting methodologies and detection engineering practices (e.g., Sigma rules, SIEM query development).
- Strong incident response background, including experience executing or overseeing IR playbooks and post-incident reviews.
- Experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Chronicle, Elastic), EDR tools, and SOAR platforms.
- Proven ability to manage escalations under pressure, with clear, professional communication to technical and executive stakeholders.
- Strong people management and coaching skills with a track record of developing analyst talent.
- Excellent written and verbal communication skills.
- Preferred Qualifications
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
- Industry certifications such as CISSP, CISM, GSOM, GCIA, GCIH, or equivalent.
- Experience in a commercial MDR or MSSP environment with multi-tenant client responsibilities.
- Experience implementing or improving SOC automation and AI or SOAR-driven playbooks.
- Familiarity with frameworks such as CMMC, NIST CSF, SOC 2, or ISO 27001 in the context of managed security service delivery.
About the Workplace
- We prioritize our culture and believe the strongest teams are built through daily, side-by-side collaboration and experiential sharing.
- We also value individual freedom and flexibility. For this reason, we have a hybrid work model. As a team, we are in office M/W/Th with work-from-home on Tuesdays and Fridays.
- For remote positions, periodic travel to Boulder will be expected to participate in company events and meaningful side-by-side collaboration opportunities.
- RADICL offices are in downtown Boulder, Colorado with easy-to-access employee parking provided by the company.
- We offer comprehensive, competitive benefits including health, dental, and vision as well as 401K and a responsible PTO plan.
The pay range for this role is:
- 170,000 - 180,000 USD per year (Boulder, CO)