Security Operations Center Manager

Security Operations Center Manager – Neptune Technology Group

Neptune Technology Group Inc. is a technology company serving water utilities across North America. Since 1892, we have continually focused on the evolving needs of water utilities – revenue optimization, operational efficiencies, and improved customer service. With our portfolio of smart water meters, data collection systems and software, we make data actionable for our customers – so they can remain focused on the business of water.

For additional information, please visit the company website at

Neptune is maturing a 24×7 cybersecurity program across a hybrid environment (on-prem, cloud, SaaS). We need a proactive leader to own Incident Response and SOC operations
, manage SIEM performance, and ensure timely reporting to our parent company. This role is critical for reducing MTTD/MTTR, strengthening detection capabilities, and driving audit readiness.

• Lead the full IR lifecycle: detection, triage (L2–L3), containment, eradication, recovery, and post-mortems
• Coordinate forensic investigations and run tabletop, blue/red/purple team exercises
• Maintain and execute documented playbooks for rapid response
• Oversee 24×7 alerting and escalation model with MSSP and internal teams
• Implement anomaly detection and access monitoring across endpoints, networks, and cloud

• Manage SIEM (Google Sec Ops/Chronicle) including detection engineering, log health, and tuning
• Develop repeatable SOAR playbooks and automation workflows

• Ensure robust IAM lifecycle processes and enforce least privilege principles
• Integrate anomaly detection for identity-related threats
• Incorporate threat intelligence feeds into detection and response workflows
• Conduct threat modeling exercises to anticipate and mitigate risks

• Drive automation for repetitive tasks and incident workflows
• Optimize orchestration between SIEM, EDR, and SOAR platforms

• Own the incident reporting process to Neptune’s parent company
• Deliver actionable metrics on detection, response, and operational performance
• Partner with engineering to embed secure-by-design principles
• Implement zero trust segmentation and hardening based on incident learnings

• SIEM/Sec Ops: e.g. Google Sec Ops (Chronicle)
• EDR & Identity: e.g. Crowd Strike, Microsoft AD/Entra
• Network Security: e.g. Forti Gate NGFW, FortiSASE
• Secure Browsing: e.g. Prisma
• Patching & Config: e.g. Automox
• Secrets Management: e.g. Keeper
• Email & Data Security: e.g. Mimecast, Microsoft Purview

• 5+ years in Security Operations, including 3+ years leading IR/Sec Ops teams
• Hands‑on experience with incident response, SIEM management, and threat hunting
• Strong understanding of NIST, ISO, SOC 2, MITRE ATT&CK, and zero trust principles
• Excellent communicator with experience in cross‑functional coordination and executive reporting

• CISSP or equivalent certification
• Cloud security experience (AWS, Azure, GCP)
• Audit and compliance experience (SOC 2, SOX, etc.)

Typically requires overnight travel less than 10% of the time.