Senior Manager – SOC Operations

Job Description: Senior Manager – SOC Operations

Role Overview

We are seeking an experienced, hands-on Senior Manager to lead our Security Operations Center (SOC). The ideal candidate will bring deep technical expertise, proven leadership experience, and a track record of building, optimizing, and maturing SOC functions. This individual will play a critical role in enhancing our security posture, driving automation and innovation, and ensuring 24/7 monitoring, detection, and response capabilities.

Experience Required:
10+ years in Security Operations Center (SOC) roles

Key Responsibilities

SOC Leadership & Operations

• Lead and manage a multi-tiered SOC team, overseeing daily monitoring, alert analysis, incident response, and threat hunting operations.
• Define and implement SOC strategy aligned with organizational risk appetite, business objectives, and compliance requirements.
• Act as the primary point of contact for internal stakeholders, external clients, auditors, and technology vendors.

SIEM & Logging Architecture

• Oversee design, deployment, and optimization of SIEM solutions, including custom log collector development (Python) and log integration from diverse sources.
• Architect and maintain robust logging and auditing frameworks to ensure comprehensive security visibility and forensic readiness.

Use Case & Content Engineering

• Direct the creation, finetuning, and management of SOC use cases: detection rules, threat hunting queries, dashboards, and reports.
• Implement MITRE ATT&CK Framework for adversary mapping, threat modeling, and continuous improvement of detection logic.

SOAR & Automation

• Lead SOAR tool design, deployment, and ongoing tuning, including automated playbook and workflow development.
• Leverage AI/ML (LLM agentic frameworks) to automate alert triage, analysis, and investigation processes.
• Create, optimize, and document SOC automation scripts (primarily in Python) for log collection, enrichment, and task orchestration.

Incident Management & Forensics

• Oversee all phases of incident response, from alert triage through investigation and resolution.
• Develop and maintain comprehensive SOPs for alert analysis and incident investigation.
• Lead forensic investigations of major breaches, ensuring timely root cause analysis and SLA-driven incident reporting.

Compliance & Audit

• Align SOC operations with NIST, ISO 27001, and PCI DSS standards.
• Prepare for, participate in, and support internal and external audits; ensure timely closure of findings and continuous compliance.
• Conduct regular assessments of security controls, participate in BAS/Red Team activities, and drive remediation initiatives.

Training & Team Development

• Mentor and develop SOC analysts, engineers, and leads; foster a culture of continuous improvement and knowledge sharing.
• Conduct regular training sessions on alert analysis, investigation methodologies, and risk mitigation strategies.

Stakeholder Engagement

• Liaise with business leaders, IT teams, and clients to understand requirements, communicate risks, and provide regular status updates.
• Serve as the escalation point for critical incidents and operational issues.

Technology Evaluation & Risk Management

• Evaluate, select, and review security tools for SOC operations.
• Maintain high scores on security risk management platforms (e.g., BitSight, Security Scorecard) through proactive risk mitigation.

Required Skills & Experience

• 10+ years
  in SOC roles: Analyst, SOC Engineer, Lead, and Manager.
• Deep expertise in
  SIEM
  ,
  logging/auditing
  , and
  custom log collection
  (Python scripting).
• Hands-on experience with
  SOAR tools
  , automation workflow design, and playbook development.
• Advanced knowledge of
  use case engineering
  , MITRE ATT&CK implementation, and detection logic finetuning.
• Proven ability to develop, implement, and improve
  alert/incident SOPs
  .
• Demonstrated success in
  forensic investigations
  and
  incident reporting
  .
• Strong track record in supporting and passing
  internal and external audits
  .
• Working knowledge of
  NIST, ISO27001, PCI DSS
  compliance.
• Experience administering
  BAS tools
  , conducting Red Team assessments, and developing remediation strategies.
• Excellent programming skills in
  Python
  for SOC automation and enrichment.
• Experience with
  AI/ML/LLM-based security automation
  is highly desirable.
• Strong communication, leadership, and stakeholder management skills.

Certifications (Preferred)

• CISSP, CISM, or equivalent
• SANS GIAC (GCIA, GCFA, GCIH) or similar
• ISO 27001 Lead Implementer/Auditor
• Azure/AWS Security certifications