SOC Manager

Overview

Edgewater Federal Solutions Sector is seeking a SOC Manager for the Department of Defense (DoD). The successful candidate will be responsible for the overall management and operation of the Security Operations Center (SOC), ensuring the effective detection, analysis, and response to cybersecurity incidents. Lead and manage a team of SOC analysts, providing guidance on incident detection, triage, and escalation procedures. Develop and maintain SOC procedures, playbooks, and training materials to improve the team's effectiveness and efficiency.

Oversee the continuous monitoring of security systems and networks, ensuring the timely identification and response to security alerts. Manage and coordinate response activities, working with internal and external stakeholders to mitigate and eliminate cyber threats. Responsible for ensuring Government is informed on all SOC-related events.

• SOC Management and Operations Oversight: Oversee the daily operations of the Security Operations Center (SOC), ensuring the effective execution of cybersecurity monitoring, detection, response, and reporting activities.
• Team Leadership and Mentorship: Lead and manage a team of SOC analysts, providing guidance, mentorship, and support on incident detection, triage, escalation, and mitigation processes. Conduct performance assessments and identify professional development opportunities for SOC team members.
• Incident Detection and Analysis: Monitor and analyze cybersecurity events to identify anomalies, threats, and potential compromises using security tools such as SIEM, IDS/IPS, and EDR solutions. Identify and report on indicators of compromise (IOCs) while adhering to established escalation protocols.
• Incident Response Coordination: Manage and coordinate incident response activities, including containment, eradication, and recovery, while ensuring proper documentation of actions. Collaborate with internal stakeholders (e.g., IT teams, system owners) and external constituents (e.g., vendors, law enforcement, or intelligence agencies) during incident response efforts.
• SOC Policies and Playbook Development: Develop, review, and maintain SOC standard operating procedures (SOPs), playbooks, and runbooks to streamline incident response and escalation processes. Ensure all SOC-related documentation reflects current threats and technologies.
• Security Systems and Network Monitoring: Oversee continuous monitoring of networks, systems, and endpoints to identify and respond to security alerts in a timely manner. Optimize security tool configurations and automated workflows to improve threat detection capabilities.
• Risk and Threat Management: Evaluate security posture by analyzing threat intelligence, attack patterns, and system vulnerabilities to identify and mitigate weak points in the organization’s defense. Lead efforts to improve SOC detection and response capabilities by evaluating and adopting cutting-edge tools and processes.
• Security Event Reporting to Government Stakeholders: Ensure timely reporting of all SOC-related events, incidents, and threat intelligence findings to government leadership and stakeholders. Provide actionable recommendations to address vulnerabilities, mitigate threats, and strengthen cybersecurity postures.
• Training and Cybersecurity Awareness Initiatives: Conduct SOC team training to improve response techniques, threat-hunting abilities, and awareness of emerging cyber threats and vulnerabilities. Promote cybersecurity awareness and defensive best practices across the organization.
• Continuous Improvement and Post-Incident Review: Lead post-incident reviews to evaluate the effectiveness of the SOC response, identify lessons learned, and integrate improvements into future operations. Provide feedback to leadership on SOC performance metrics and resources needed for optimization.

Knowledge, Skills, and Abilities

• Expertise in Incident Detection and Response: Comprehensive knowledge of incident detection, triage, investigation, escalation, and response processes, including experience with containment, eradication, and recovery procedures.
• Advanced Understanding of Cybersecurity Tools and…