SOC Manager

Edgewater Federal Solutions Sector is seeking a SOC Manager for the Department of Defense (DoD). The successful candidate will be responsible for the overall management and operation of the Security Operations Center (SOC), ensuring the effective detection, analysis, and response to cybersecurity incidents. Lead and manage a team of SOC analysts, providing guidance on incident detection, triage, and escalation procedures. Develop and maintain SOC procedures, playbooks, and training materials to improve the team's effectiveness and efficiency. Oversee the continuous monitoring of security systems and networks, ensuring the timely identification and response to security alerts. Manage and coordinate response activities, working with internal and external stakeholders to mitigate and eliminate cyber threats. Responsible for ensuring Government is informed on all SOC-related events.

SOC Management and Operations Oversight: Oversee the daily operations of the Security Operations Center (SOC), ensuring the effective execution of cybersecurity monitoring, detection, response, and reporting activities.
• Team Leadership and Mentorship: Lead and manage a team of SOC analysts, providing guidance, mentorship, and support on incident detection, triage, escalation, and mitigation processes. Conduct performance assessments and identify professional development opportunities for SOC team members.
• Incident Detection and Analysis: Monitor and analyze cybersecurity events to identify anomalies, threats, and potential compromises using security tools such as SIEM, IDS/IPS, and EDR solutions. Identify and report on indicators of compromise (IOCs) while adhering to established escalation protocols.
• Incident Response Coordination: Manage and coordinate incident response activities, including containment, eradication, and recovery, while ensuring proper documentation of actions. Collaborate with internal stakeholders (e.g., IT teams, system owners) and external constituents (e.g., vendors, law enforcement, or intelligence agencies) during incident response efforts.
• SOC Policies and Playbook Development: Develop, review, and maintain SOC standard operating procedures (SOPs), playbooks, and runbooks to streamline incident response and escalation processes. Ensure all SOC-related documentation reflects current threats and technologies.
• Security Systems and Network Monitoring: Oversee continuous monitoring of networks, systems, and endpoints to identify and respond to security alerts in a timely manner. Optimize security tool configurations and automated workflows to improve threat detection capabilities.
• Risk and Threat Management: Evaluate security posture by analyzing threat intelligence, attack patterns, and system vulnerabilities to identify and mitigate weak points in the organization's defense. Lead efforts to improve SOC detection and response capabilities by evaluating and adopting cutting-edge tools and processes.
• Security Event Reporting to Government Stakeholders: Ensure timely reporting of all SOC-related events, incidents, and threat intelligence findings to government leadership and stakeholders. Provide actionable recommendations to address vulnerabilities, mitigate threats, and strengthen cybersecurity postures.
• Training and Cybersecurity Awareness Initiatives: Conduct SOC team training to improve response techniques, threat-hunting abilities, and awareness of emerging cyber threats and vulnerabilities. Promote cybersecurity awareness and defensive best practices across the organization.
• Continuous Improvement and Post-Incident Review: Lead post-incident reviews to evaluate the effectiveness of the SOC response, identify lessons learned, and integrate improvements into future operations. Provide feedback to leadership on SOC performance metrics and resources needed for optimization.

Knowledge, Skills, and Abilities

• Expertise in Incident Detection and Response: Comprehensive knowledge of incident detection, triage, investigation, escalation, and response processes, including experience with containment, eradication, and recovery procedures.
• Advanced Understanding of Cybersecurity Tools and Technologies: Proficiency with security tools such as Security Information and Event Management (SIEM) systems, Intrusion Detection and Prevention Systems (IDS/IPS), Endpoint Detection and Response (EDR) tools, and firewalls.
• Threat Intelligence and Cyber Threat Hunting Skills: Ability to analyze threat intelligence and identify attack methods, indicators of compromise (IOCs), and tactics, techniques, and procedures (TTPs) used by adversaries.
• Strong Leadership and Team Management Skills: Proven ability to lead and mentor a team of SOC analysts, providing guidance, performance feedback, and professional development opportunities.
• Knowledge of Networking and System Security: In-depth knowledge of network architectures, protocols (e.g., TCP/IP, DNS, HTTPS), and operating systems (Windows, Linux, macOS), including securing and monitoring these environments.
• Familiarity with Cybersecurity Frameworks and Standards: Knowledge of cybersecurity frameworks (e.g., NIST Cybersecurity Framework, MITRE ATT&CK, ISO 27001) and how to apply them to SOC operations.
• Policy Development and Process Optimization: Skill in developing and maintaining SOC playbooks, Standard Operating Procedures (SOPs), and policies to improve SOC operational efficiency and effectiveness.
• Effective Communication and Reporting Skills: Ability to clearly communicate complex technical information (e.g., incident findings and risk assessments) to non-technical stakeholders, leadership, and external partners.
• Analytical and Problem-Solving Abilities: Strong analytical skills for identifying trends, correlating security data, and solving complex cybersecurity challenges to improve organizational defense.
• Continuous Learning and Threat Adaptability: Demonstrated ability to stay current on evolving cybersecurity threats, tools, and best practices, adapting to new challenges and proactively improving defensive measures.

• Bachelor's degree in technical discipline, or related field and/or 10-years' experience in progressively more complex roles in cybersecurity operations or analysis and/or incident response
• Clearance Requirement: Top Secret
• CompTIA Security+
• Certified Information Systems Security Professional (CISSP)

Desired Qualifications

• Certified Ethical Hacker (CEH)
• GIAC Certified Incident Handler (GCIH)
• GIAC Security Operations Certified (GSOC)
• CompTIA Advanced Security Practitioner (CASP+)
• Certified Information Security Manager (CISM)
• AWS Certified Security - Specialty or Microsoft Certified: Azure Security Engineer Associate: Relevant if managing systems in hybrid or cloud environments.
• Cyber Threat Intelligence (CTI) Cert or MITRE ATT&CK Defender (MAD)
• Demonstrates specialized knowledge in threat intelligence analysis and mapping frameworks.
• Advanced Threat Intelligence Knowledge. Experience working with and integrating threat intelligence platforms and frameworks into SOC operations.
• Automation and Scripting Skills. Knowledge of scripting languages like Python, PowerShell, or Bash for automating routine SOC tasks and custom threat detection rules.
• Strategic Thinking and Risk Management. Ability to assess current threats and vulnerabilities, prioritize organizational risks, and drive proactive mitigation strategies.
• Strong interpersonal and communication skills to relay real-time incident updates and foster collaboration between SOC teams and other organizational units.
• Experience with Federal and DoD Systems: Familiarity with compliance requirements and operational environments specific to the Department of Defense (e.g., DISA STIGs, FedRAMP, RMF).

Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• While performing the duties of this job, the employee is regularly required to talk or hear.
• Possess the ability to fulfill any and all office activities normally expected in an office setting, to include, but not limited to remaining seated for periods of time to perform computer entry, participating in filing activity, lifting and carrying office supplies.
• The employee must occasionally lift and/or move up to fifteen (15) pounds.
• Fine hand manipulation (keyboarding).
• Must have the ability to sit for long periods.
• Ability to view computer monitor for long periods.

Working at Edgewater Federal Solutions:

Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services, and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Companies since 2018.

EdgewaterFederal Solutions is an Equal Opportunity Employer. It has been and continues to be our policy to provide equal employment to all employees and applicants for employment without regard to race, color, religion, gender, national origin, age, disability, marital status, veteran status and/or other status protected by applicable law. #LI-KC1