Deputy Security Operations Center Manager

Job responsibilities

• Lead day‑to‑day operations of the Security Operations Center (SOC), ensuring consistent, reliable monitoring, detection, and response to security incidents across the environment.
• Supervise, mentor, and develop SOC analysts and shift leads; manage staffing, scheduling, and escalation procedures for a 24/7 operational model.
• Coordinate incident response activities with internal teams and external partners; drive root cause analysis, post‑incident reviews, and continuous improvement of playbooks and runbooks.
• Operate and tune core SOC tooling (SIEM, EDR, SOAR) to improve detection coverage, reduce false positives, and accelerate investigation times.
• Define, collect, and report on SOC performance metrics and KPIs; present operational status and trends to leadership and key stakeholders.
• Partner with threat intelligence, vulnerability management, and engineering teams to operationalize threat indicators and harden systems based on observed threats and vulnerabilities.
• Manage vendor relationships and third‑party security monitoring services, ensuring SLAs and deliverables meet organizational requirements.

• Minimum of 7 years of SOC operations experience, specifically leading SOC operations or security monitoring teams, including hands‑on incident response and investigations.
• Strong familiarity with SIEM platforms, endpoint detection and response (EDR) tools, and SOAR workflow automation.
• Demonstrated ability to develop and maintain detection use cases, playbooks, and investigative procedures.
• Experience defining and reporting SOC metrics and KPIs to measure effectiveness and drive operational improvements.
• Excellent written and verbal communication skills with the ability to communicate technical details to non‑technical stakeholders and executive leadership.
• Proven leadership skills: coaching, performance management, scheduling for 24/7 operations, and handling escalations under pressure.
• Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent experience in cybersecurity operations.

• Professional certifications such as CISSP, CISM, or GIAC that demonstrate advanced security knowledge.
• Experience with Splunk, Elastic, QRadar, or other major SIEM technologies and associated tuning/analytics.
• Hands‑on experience with cloud‑native security tools and environments (AWS, Azure, or GCP).
• Background in healthcare or regulated industries with familiarity with relevant compliance requirements (e.g., HIPAA).
• Scripting or automation skills (Python, Power Shell) to build integrations and automate repetitive operational tasks.
• Experience with threat hunting, MITRE ATT&CK framework application, and proactive detection engineering.

Up to 10%

Ability to Obtain Public Trust

Guidehouse is an Equal Opportunity Employer–Protected Veterans, Individuals with Disabilities or any other basis protected by law, ordinance, or regulation.