SOC Manager

Cyber Security Soc Manager

As the Cyber Security SOC Manager supporting the Virginia Information Technology Agency (VITA), this role leads the day-to-day operations of the Tier I, II, and III analyst team within the VITA SOC. The SOC Manager is responsible for team performance, shift coverage, analyst development, and ensuring SLA compliance across all security monitoring and incident response activities. A strong working knowledge of Splunk is required including the ability to build, interpret, and maintain operational dashboards to support data-driven SOC management and visibility into team and threat metrics. The SOC Manager serves as the senior escalation point for complex incidents, interfaces directly with the customer, and drives continuous improvement across people, process, and tooling.

Work Environment: 100% Onsite

Meaningful Work And Personal Impact

SOC Operations & Incident Response

• Serve as senior escalation authority for complex and high-severity incidents; oversee containment and remediation activities and ensure proper documentation and customer communication throughout the incident lifecycle.
• Provide expertise with Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), threat hunting, and threat intelligence; own customer-facing escalation and remediation activities.
• Recognize successful and unsuccessful intrusion attempts; triage security events and accurately prioritize and escalate incidents per established runbooks.
• Detect the full spectrum of known cyberattacks (DDoS, malware, phishing, ransomware, and others) and correlate events across capabilities to identify attacks and breaches.
• Examine malware analysis reports to correlate similar events across incidents; document and report actions taken by malicious actors in customer networks.
• Recommend appropriate methods of system remediation and threat mitigation; prepare incident reports detailing analysis methodology and results.

Splunk Operations & Automation

• Build, maintain, and optimize Splunk dashboards and reports that provide operational visibility into threat activity, SOC performance metrics, and incident trends for analysts and leadership.
• Develop and maintain automated detection workflows, correlation searches, and alert actions in Splunk to reduce analyst workload, minimize false positives, and accelerate response to high-priority threats.
• Write and maintain SPL searches, scheduled reports, and lookup-driven workflows; leverage scripting (Python, PowerShell) to extend Splunk capabilities and support security automation where needed.
• Conduct log and system analysis for network and security devices; create and update detection rules and signatures in security tools and applications.
• Document emerging threat intelligence and reported IOCs for security tool integrations.

Detection Tuning & Compliance Alignment

• Align detections and logging with frameworks and controls: NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX as applicable to the customer environment.
• Develop and tune detection content including use cases, correlation rules, and alert logic to improve fidelity and reduce noise across the SOC environment.
• Analyze and act on intelligence information to secure customer networks and devices.

Automation & Scripting

• Working knowledge of scripting (Python, PowerShell, or Bash) for security automation, log parsing, and workflow integration; ability to read and modify scripts to support SOC operations.
• Support automation efforts that reduce manual analyst burden, improve detection fidelity, and accelerate incident response timelines.

Team Leadership & SOC Management

• Lead, supervise, and develop a team of Tier I, II, and III SOC analysts; manage shift scheduling, performance expectations, and analyst career development in alignment with program objectives.
• Own SOC SLA compliance and performance reporting; deliver regular operational metrics, trend analysis, and executive-level briefings to program leadership and the customer.
• Serve as the primary customer interface for SOC operations; manage expectations, communicate incident status, and build trusted working relationships with VITA stakeholders.
• Drive continuous improvement across SOC processes, runbooks, and playbooks; conduct post-incident retrospectives and implement lessons learned to strengthen team posture and detection capability.

What You'll Need To Succeed

• Bachelors degree or equivalent experience
• 5 or more years of experience in cybersecurity operations, including demonstrated supervisory or team lead experience in a SOC environment.
• Ability to obtain and maintain a public trust
• Splunk experience advanced SPL, dashboard development, automated alerting, and correlation search creation in an operational SOC environment.
• CyberArk experience privileged access management in a government or enterprise SOC environment.
• Qualifying certification to meet DoW 8140/DCWF CSSP Analyst requirements within 6 months of start: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+
• Louisiana residency; living within a reasonable commutable distance (approximately 60 miles or less) of the Bossier City facility