Security Operations Center (SOC) Manager
The Department of Education (DoED) Security Operations Center (SOC) is a US Government program responsible for monitoring, detecting, analyzing, mitigating, and responding to cyber threats against Department assets, networks, and information. The environment includes local area networks/wide area networks (LAN/WAN), commercial Internet connections, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations.
- Lead and manage a 24x7x365 Security Operations Center providing technical oversight.
- Lead staff to proactively identify, prevent and respond to security incidents.
- Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
- Ensure compliance with Service Level Agreements (SLAs), process adherence and process improvement to achieve operational objectives and mitigate threats.
- Revise and develop processes to strengthen the current operational activities; review policies and recommend changes to improve governance.
- Responsible for team management, personnel scheduling, overall use of resources and initiation of corrective action where required for the Security Operations Center.
- Management, administration & maintenance of security devices under the purview of the Dept of Education.
- Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring.
- Responsible for integration of standard and non-standard logs into the SIEM.
- Creation of reports, dashboards and metrics for SOC operations and presentation to the client.
- Coordinate with stakeholders to build and maintain positive working relationships; this includes subordinate SOCs supporting the organization.
Required Education and Skills
Desired Skills and Certifications
- Bachelor of Science from an accredited institution.
- Strong knowledge of incident management, problem management and change management best practices.
- Superior communication skills and ability to brief senior government officials.
- 3+ years of Information Security / Cybersecurity experience.
- 2+ years working in a security or network operations center.
- 2+ years in a leadership role.
- Experience with networking and telecommunications integration, design and architecture.
- Hold at least one relevant industry certification (GCIH, GCED, CISSP, CISA, CISM, etc.).
- Understanding of SIEM tools such as Splunk, ArcSight, RSA, McAfee ePO, etc.
- Experience building and maintaining a high-performance team of analysts.
- Expertise with industry standard frameworks (ISO, NIST, PCI).
- Experience maintaining metrics and SLAs.