Security Operations Center Lead
Listed on 2026-06-30
IT/Tech
Cybersecurity, Security Manager
Security Operations Center Lead Job Summary
The Security Operations Center Lead is responsible for leading the day-to-day operations of the University's Security Operations Center, including cybersecurity monitoring, alert triage, incident response coordination, operational reporting, and continuous improvement of SOC processes. This position serves as the primary operational lead for the SOC and provides technical supervision, mentorship, and professional development for undergraduate and graduate student analysts. The position ensures that security events are investigated, documented, escalated, and remediated in accordance with approved procedures, response playbooks, and institutional priorities.
The lead collaborates closely with Information Technology Services, the Information Security Office, Help Desk, Client Services, and other university stakeholders and external partners to protect University systems, data, services, and users while supporting the broader mission of cybersecurity education, workforce development, and institutional risk reduction.
- Leads day-to-day Security Operations Center (SOC) activities, including security monitoring, alert triage, investigation, escalation, incident response coordination, operational reporting, and analyst shift oversight.
- Participates in after-hours incident response, emergency escalation, and on-call support as needed to address significant cybersecurity events or operational requirements.
- Recruits, hires, trains, mentors, and supervises undergraduate and graduate student analysts. Provides ongoing coaching, performance feedback, and career development support.
- Develops and maintains a structured student analyst training program covering alert triage, SIEM operations, threat detection, MITRE ATT&CK methodologies, digital forensics fundamentals, investigation procedures, and incident response workflows.
- Develops or supports cybersecurity exercises, tabletop scenarios, and incident response drills to evaluate readiness and improve coordination among SOC personnel, ITS teams, and university stakeholders.
- Establishes analyst progression standards, operational guardrails, and escalation thresholds to ensure student analysts operate within approved authority and documented procedures.
- Performs security monitoring, investigation, and incident response activities as needed to maintain SOC operations during periods of reduced student staffing or elevated operational demand.
- Reviews, validates, and directs security investigations, ensuring security events are properly analyzed, documented, escalated, and communicated in accordance with established policies, procedures, and response playbooks.
- Serves as the operational lead during significant cybersecurity incidents, coordinating response activities with Information Technology Services (ITS), university leadership, legal counsel, human resources, communications personnel, and external partners as appropriate.
- Maintains and improves detection, monitoring, and response capabilities across security technologies, including SIEM, endpoint detection and response (EDR), cloud security platforms, and related cybersecurity tools.
- Develops, maintains, and updates SOC playbooks, standard operating procedures, workflows, and documentation to support consistent and effective security operations.
- Manages relationships with managed security service providers (MSSPs), incident response vendors, and other external security partners to support monitoring, investigation, and response activities.
- Supports security operations and incident response activities involving regulated or sensitive institutional data, including data subject to FERPA, GLBA, PCI DSS, HIPAA where applicable, and university policies.
- Escalates actionable cybersecurity risks, incidents, and operational concerns to the Chief Information Security Officer (CISO) and other designated stakeholders.
- Maintains security operations documentation and reports on security metrics, incident trends, operational performance, and student program outcomes.
- Conducts or supports audits, compliance activities, and security reviews.
- Conducts post-incident…