SOC (Security Operations Center) Manager

Job Summary
We are looking for an experienced SOC Manager to lead our global Security Operations
function. This is a critical leadership role responsible for overseeing the Managed Security
Service Provider (MSSP), managing our internal incident response and detection
engineering team, and protecting our large hybrid cloud environment.
You will be responsible for real-time threat detection, advanced incident response, and security
monitoring. You will manage the relationship and performance of our MSSP while leading and
mentoring a specialized internal team (L2/L3 analysts, engineers), empowering them to defend
the organization against advanced cyber threats. The ideal candidate is calm under pressure,
highly technical, and passionate about building a world-class detection and response program
that spans from on-premise to the cloud.

Leadership, Strategy & Vendor Management
● Team & Vendor Management: Lead, mentor, and build the internal SOC team (e.g.,
Incident Responders, Detection Engineers). Manage the strategic relationship and
performance of the MSSP, including SLA oversight, service reviews, and escalation
procedures.
● Incident Response: Act as the primary Incident Commander during major security
incidents, coordinating response, containment, and recovery efforts between the MSSP,
internal IT Security/cloud teams, and business stakeholders.
● Strategic Vision: Define the SOC's mission, strategy, and roadmap, continuously
maturing its capabilities (internal and MSSP-driven) from reactive to predictive.
● Metrics & Reporting: Develop and report on key performance indicators (KPIs),
including MSSP effectiveness and internal metrics (e.g., Mean Time to Detect/MTTD,
Mean Time to Respond/MTTR), to senior leadership.
● Process Improvement: Own and refine all SOC processes, ensuring seamless
integration between MSSP playbooks and internal incident response runbooks.
Technical & Operational
● Platform & Cloud Security Oversight: Oversee the health, configuration, and
optimization of our core security platforms, including the SIEM (e.g., Splunk, Sentinel,
QRadar) and SOAR. Ensure effective data ingestion from our hybrid cloud
environment (AWS, Azure, GCP) and on-prem systems.

● Cloud Detection: Partner with cloud engineering teams to ensure proper configuration
of cloud-native security tools (e.g., AWS GuardDuty, Azure Security Center, GCP
Security Command Center) and integrate their telemetry into our detection program.
● Threat Intelligence: Manage the ingestion and operationalization of threat intelligence,
ensuring it is used to hunt for active and emerging threats by both the internal team
and the MSSP.
● Threat Hunting: Lead proactive, hypothesis-driven threat hunting missions (in
partnership with the MSSP) based on intelligence and environmental data, with a strong
focus on hybrid cloud attack vectors.
● Detection Engineering: Guide the internal team in developing and tuning high-fidelity
detection rules, analytics, and alerts based on frameworks like MITRE ATT&CK
(including its cloud matrix). Work with the MSSP to tune and reduce false positives.
● Triage & Escalation: Serve as the primary escalation point for critical incidents
flagged by the MSSP, providing expert guidance to the internal response team.

Required Qualifications
● Experience: 7+ years in cybersecurity, with at least 2+ years managing a SOC or
incident response team. Direct experience managing or working extensively with an
MSSP is required.
● Incident Response: Deep, hands-on experience leading the response to complex
security incidents (e.g., ransomware, APTs), including incidents in public cloud (AWS,
Azure, GCP) and on-premise environments.
● Technical Expertise: Expert-level knowledge of SIEM and SOAR platforms, EDR, and
NDR. Strong technical understanding of cloud-native security controls, logging,
and architecture (IaaS, PaaS, SaaS).
● Frameworks: Strong familiarity with the MITRE ATT&CK framework (including the
Enterprise and Cloud matrices) and the Cyber Kill Chain.
● Leadership: Proven ability to lead and stay composed during high-stress situations.
● Communication: Exceptional written and verbal communication skills for creating
post-incident reports, managing vendor relationships, and briefing executives.

Preferred Qualifications (Bonus Points)
● Experience with purple teaming or managing tabletop exercises.
● Scripting skills (e.g., Python, PowerShell) for automation.
● Relevant certifications (GCIH, GCFA, GCFE, CISSP, CISM).
● Cloud-specific security certifications (e.g., AWS Certified Security - Specialty, Azure
Security Engineer Associate, Google Professional Cloud Security Engineer).