Senior manager – soc operations

Job Description : Senior Manager – SOC Operations

Role Overview

We are seeking an experienced, hands-on Senior Manager to lead our Security Operations Center (SOC). The ideal candidate will bring deep technical expertise, proven leadership experience, and a track record of building, optimizing, and maturing SOC functions. This individual will play a critical role in enhancing our security posture, driving automation and innovation, and ensuring 24 / 7 monitoring, detection, and response capabilities.

Experience Required : 10+ years in Security Operations Center (SOC) roles

Key Responsibilities

SOC Leadership & Operations

Lead and manage a multi-tiered SOC team, overseeing daily monitoring, alert analysis, incident response, and threat hunting operations.

Define and implement SOC strategy aligned with organizational risk appetite, business objectives, and compliance requirements.

Act as the primary point of contact for internal stakeholders, external clients, auditors, and technology vendors.

SIEM & Logging Architecture

Oversee design, deployment, and optimization of SIEM solutions, including custom log collector development (Python) and log integration from diverse sources.

Architect and maintain robust logging and auditing frameworks to ensure comprehensive security visibility and forensic readiness.

Use Case & Content Engineering

Direct the creation, finetuning, and management of SOC use cases : detection rules, threat hunting queries, dashboards, and reports.

Implement MITRE ATT&CK Framework for adversary mapping, threat modeling, and continuous improvement of detection logic.

SOAR & Automation

Lead SOAR tool design, deployment, and ongoing tuning, including automated playbook and workflow development.

Leverage AI / ML (LLM agentic frameworks) to automate alert triage, analysis, and investigation processes.

Create, optimize, and document SOC automation scripts (primarily in Python) for log collection, enrichment, and task orchestration.

Incident Management & Forensics

Oversee all phases of incident response, from alert triage through investigation and resolution.

Develop and maintain comprehensive SOPs for alert analysis and incident investigation.

Lead forensic investigations of major breaches, ensuring timely root cause analysis and SLA-driven incident reporting.

Compliance & Audit

Align SOC operations with NIST, ISO 27001, and PCI DSS standards.

Prepare for, participate in, and support internal and external audits; ensure timely closure of findings and continuous compliance.

Conduct regular assessments of security controls, participate in BAS / Red Team activities, and drive remediation initiatives.

Training & Team Development

Mentor and develop SOC analysts, engineers, and leads; foster a culture of continuous improvement and knowledge sharing.

Conduct regular training sessions on alert analysis, investigation methodologies, and risk mitigation strategies.

Stakeholder Engagement

Liaise with business leaders, IT teams, and clients to understand requirements, communicate risks, and provide regular status updates.

Serve as the escalation point for critical incidents and operational issues.

Technology Evaluation & Risk Management

Evaluate, select, and review security tools for SOC operations.

Maintain high scores on security risk management platforms (e.g., Bit Sight, Security Scorecard) through proactive risk mitigation.

Required Skills & Experience

10+ years in SOC roles : Analyst, SOC Engineer, Lead, and Manager.

Deep expertise in SIEM , logging / auditing , and custom log collection (Python scripting).

Hands-on experience with SOAR tools , automation workflow design, and playbook development.

Advanced knowledge of use case engineering , MITRE ATT&CK implementation, and detection logic finetuning.

Proven ability to develop, implement, and improve alert / incident SOPs.

Demonstrated success in forensic investigations and incident reporting.

Strong track record in supporting and passing internal and external audits.

Working knowledge of NIST, ISO27001, PCI DSS compliance.

Experience administering BAS tools , conducting Red Team assessments, and developing remediation strategies.

Excellent programming skills in Python for SOC automation and enrichment.

Experience with AI / ML / LLM-based security automation is highly desirable.

Strong communication, leadership, and stakeholder management skills.

Certifications (Preferred)

CISSP, CISM, or equivalent

SANS GIAC (GCIA, GCFA, GCIH) or similar

ISO 27001 Lead Implementer / Auditor

Azure / AWS Security certifications