
SOC Manager

Gruve

Location: SG

Hybrid · Managed Services, Cybersecurity

Posted 1d ago · via greenhouse


Job Description

About Gruve

Gruve is an innovative software services startup dedicated to transforming enterprises into AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies by utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.

About the role

We are seeking an experienced and strategic manager to lead and scale our Security Operations Center (SOC). The ideal candidate will be a proven people leader with strong technical expertise in security operations, capable of driving operational excellence, managing a multi-tiered analyst team, and acting as the primary interface between the SOC and executive stakeholders. The SOC Manager will be responsible for SOC delivery, SLA performance across all client engagements, and will champion continuous improvement across people, processes, and technologies, with the ability to scale operations to a 24x7 model as the business evolves.

Key Roles & Responsibilities:

SOC Operations Leadership

  • Own the end-to-end performance and delivery of the SOC across all shifts and analyst tiers (L1, L2, L3).
  • Define, monitor, and enforce SLAs, KPIs, and OKRs across all client SOC engagements.
  • Build and maintain SOC runbooks, playbooks, and standard operating procedures.
  • Ensure continuous 24x7 SOC coverage through effective workforce planning and shift management.
  • Serve as the final escalation point for high-severity incidents and critical client situations.

Team Management & Development

  • Recruit, onboard, and retain a high-performing team of SOC analysts across L1, L2, and L3 levels.
  • Conduct regular performance reviews, career development planning, and skills gap assessments.
  • Provide coaching and mentorship to build a strong talent pipeline within the SOC.
  • Foster a culture of accountability, continuous learning, and operational discipline.
  • Manage team scheduling, leave planning, and capacity to ensure uninterrupted operations.

Incident Response Oversight

  • Oversee the investigation and resolution of high-severity and P1 security incidents.
  • Ensure incident response procedures — containment, eradication, and recovery — are consistently followed.
  • Lead post-incident reviews and drive implementation of lessons learned across the team.
  • Communicate incident status, impact, and remediation updates to client stakeholders and internal leadership.

Client & Stakeholder Management

  • Act as the primary SOC point of contact for strategic client relationships.
  • Deliver regular SOC performance reviews, threat landscape briefings, and security posture reports to client executives.
  • Collaborate with client IT and security teams to ensure alignment on SOC scope and service effectiveness.
  • Manage escalations and ensure client satisfaction through proactive communication and issue resolution.

Threat Intelligence & Threat Hunting Strategy

  • Define and oversee the SOC threat intelligence program, ensuring operationalization of feeds across SIEM and detection tools.
  • Direct proactive threat hunting initiatives and ensure findings feed back into detection engineering.
  • Stay current on the evolving threat landscape and translate emerging attack techniques into actionable SOC improvements.

Security Tool & Technology Governance

  • Oversee the selection, deployment, and optimization of security technologies including SIEM (XSIAM/Splunk/QRadar), EDR, XDR, SOAR, and threat intelligence platforms.
  • Drive tool rationalization and ensure maximum value from the security technology stack.
  • Partner with engineering and architecture teams to evaluate and onboard new tools as the threat landscape evolves.

Metrics, Reporting & Continuous Improvement

  • Develop and maintain a comprehensive SOC metrics framework covering MTTR, MTTD, detection rates, false positive ratios, and SLA adherence.
  • Produce executive-level and client-facing SOC performance reports on a regular cadence.
  • Identify process gaps and lead initiatives to improve analyst efficiency, detection fidelity, and response times.
  • Champion SOAR adoption and automation to reduce manual workload and accelerate response.

Compliance & Regulatory Governance

  • Ensure SOC operations meet applicable compliance requirements (e.g., GDPR, HIPAA, PCI DSS, SOC 2, ISO 27001).
  • Support client audit activities and produce compliance-relevant documentation and evidence.
  • Maintain awareness of evolving regulatory requirements affecting security operations.

Cross-Functional Collaboration

  • Partner with DFIR, Vulnerability Management, Network Security, and Cloud Security teams to deliver integrated security services.
  • Collaborate with MSSPs, OEM vendors, and external threat intelligence partners to strengthen SOC capabilities.
  • Work with sales and solution teams to support pre-sales activity, SOC capability presentations, and new client onboarding.

Budget & Resource Planning

  • Contribute to SOC budget planning, headcount forecasting, and resource allocation decisions.
  • Track and manage operational costs related to tooling, staffing, and third-party services.
  • Identify and justify investments in new capabilities that improve security outcomes and operational efficiency.

Basic Qualifications:

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 8+ years of experience in information security, including experience leading SOC operations or teams.
  • Strong hands-on experience with SOC operations, SIEM platforms (e.g., Splunk, QRadar), and incident response.
  • Proven ability to manage client relationships and communicate effectively with both technical and executive stakeholders.
  • Solid understanding of threat intelligence, threat hunting, and industry security frameworks (e.g., MITRE ATT&CK, NIST, CIS).

Preferred Qualifications:

  • Relevant certifications such as CISSP, CISM, GCIA, or GCIH.
  • Experience with SIEM platforms (e.g., Splunk, XSIAM, QRadar) and security tooling.
  • Experience with SOAR platforms and security automation.
  • Knowledge of cloud security (AWS, Azure, GCP) and hybrid SOC environments.
  • Experience in managed security services, including multi-tenant environments or pre-sales support.

Why Gruve

At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you.

Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

Details

Department: Managed Services, Cybersecurity
Work Type: hybrid
Locations: SG
Posted: April 12, 2026
Source: greenhouse