SOC Manager

JOB SUMMARY: We are seeking an experienced SOC Manager to lead our internal security operations team and coordinate closely with our third-party 24/7 Managed Security Services Provider (MSSP). The SOC Manager will be responsible for overseeing Tier 2/3 incident response, maintaining strong day-to-day SOC processes, mentoring a team of security analysts, and driving continuous improvements in our detection, response, and threat-hunting capabilities. This role reports to the Director of Security Operations.

JOB ROLES AND RESPONSIBILITIES:

1. SOC Leadership & Management
2. Oversee the daily operations of the Security Operations Center, including all incident escalations from the MSSP's and other security alerts and tickets.
3. Lead and mentor a small team of security analysts, fostering a culture of collaboration and continuous learning.
4. Manage SOC staffing, training, and shift schedules (if applicable), ensuring appropriate coverage for critical alerts and incidents.
5. Incident Response & Escalation
6. Serve as the primary point of contact for all security incident escalations, working with the MSSP, internal analysts, and other stakeholders to contain and remediate threats.
7. Provide technical and procedural guidance during high-severity incidents, escalating to the Director of Security Operations or other executive leadership as needed.
8. Coordinate incident response activities with cross-functional teams (e.g., Technology, Legal, Talent, Marketing and Communications) to ensure timely containment and thorough root-cause analysis.
9. SOC Processes, Playbooks, and Documentation
10. Develop, maintain, and continuously improve SOC processes, runbooks, and incident response playbooks.
11. Ensure that the SOC meets defined service-level objectives for detection, escalation, and response times.
12. Work with GRC (Governance, Risk & Compliance) to ensure alignment with regulatory requirements, internal security policies, and audit standards.
13. Collaboration with Third-Party MSSP
14. Act as the primary liaison with the external 24/7 MSSP handling Tier 1 monitoring, ensuring clear escalation paths and well-defined SLAs.
15. Conduct regular service reviews with the MSSP, analyze performance metrics, and drive improvements to reduce false positives and enhance detection accuracy.
16. Detection & Threat Hunting Enhancement
17. Partner with internal detection engineers and threat intel/hunting resources to refine alerting logic and create new detection rules for emerging threats.
18. Champion the use of data analytics, automation, and playbook orchestration (e.g., via SOAR) to improve efficiency and reduce manual workloads.
19. Facilitate purple-team exercises or threat-hunting initiatives, ensuring that lessons learned translate into updated SOC processes and detection coverage.
20. Team Development & Training
21. Recruit, onboard, and develop talented security analysts, providing regular feedback and career growth opportunities.
22. Coordinate training sessions, tabletop exercises, and ongoing education to keep the SOC team current with evolving threats and technologies.
23. Foster a positive and collaborative environment that emphasizes knowledge-sharing, innovation, and continuous improvement.
24. Reporting & Metrics
25. Track and report on SOC KPIs and metrics (e.g., mean time to detect, mean time to respond, alert volumes, incident trends) to the Director of Security Operations and executive leadership.
26. Develop dashboards or reports that highlight SOC effectiveness, coverage gaps, and recommended improvements.
27. Provide budget recommendations for new tools, training, or staff needs based on data-driven insights.
28. Select, develop, and evaluate staff to ensure the efficient operation of department.
29. Collaborate, coordinate, and communicate across disciplines and departments.
30. Ensure compliance with HIPAA regulations and requirements.
31. Demonstrate Company's Core Competencies and values held within.
32. Please note due to the exposure of PHI sensitive data -- this role is considered to be a High Risk Role.
33. The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

JOB SCOPE:
Opportunity to shape and mature our SOC processes as part of a growing security program. A collaborative environment with cross-functional teams (GRC, Security Engineering, IAM) and executive support for cybersecurity initiatives.Ongoing professional development through industry conferences, training programs, and certifications. This is a people management job with authority for all HR actions (hiring, firing, discipline, training, etc.)

COMPENSATION:
The salary range for this position is 125k-150k. Specific offers take into account a candidate's education, experience and skills, as well as the candidate's work location and internal equity. This position is also eligible for health insurance, 401k and bonus opportunity.