Job Title: SOC Manager/Team Lead
Position Type: Full Time- Permanent
Location: Franklin, TN
Position Overview
The SOC Team Lead or Manager leads the Security Operations Center team responsible for 24/7 on-call monitoring, detection, analysis, and response to cybersecurity threats. This role ensures operational excellence, team development, and alignment with compliance frameworks such as NIST 800-171 and CMMC.
Key Responsibilities
Leadership & Operations
- Oversee daily SOC operations, including shift coverage, the alert ticketing system, vulnerability scanning, and incident response.
- Lead, mentor, and develop SOC analysts; provide coaching, feedback, and escalation support.
- Manage SOC workflows, performance metrics, and service delivery KPIs.
- Serve as the escalation point for critical incidents and coordinate cross-functional response.
- Manage the vulnerability program to identify and remediate vulnerabilities across the technology stack.
Technical & Incident Response
- Guide analysts through investigation, containment, and remediation activities.
- Ensure consistent use of SIEM, EDR, SOAR, and threat intelligence tools (e.g., Sumo Logic, Defender, Microsoft 365).
- Refine detection rules, playbooks, and response procedures.
- Conduct threat intelligence and vulnerability management.
Compliance & Audit Readiness
- Execute and maintain security and compliance monitoring and audit functions.
- Support internal and client audits aligned with NIST 800-171, CMMC, and other standards.
- Own audit and control functions, ensuring separation of duties and documentation integrity.
- Support client audits by providing artifacts and participating in auditor interviews.
- Maintain the audit documentation suite and work with clients to customize it to their needs.
Stakeholder Engagement
- Communicate incident details and SOC updates to internal and external stakeholders.
- Support onboarding of new SOC clients, including tuning and baselining.
- Collaborate with support and development teams to support broader security initiatives.
Program & Process Improvement
- Identify opportunities to improve SOC effectiveness, automation, and efficiency.
- Contribute to service maturity, including documentation, KPIs, and operational standards.
- Conduct disaster recovery and incident response drills.
Required Qualifications
- Bachelor's Degree
- Eligible for a tier three security clearance
- 3–5+ years of leadership experience, including people management.
- Strong understanding of SIEM/EDR technologies, detection logic, and investigative methodologies.
- Experience with regulated environments (e.g., DoD, DFARS/CMMC, NIST 800-171).
- Hands-on experience with log aggregation, malware analysis, incident response, and DevOps environments.
Preferred Skills & Certifications
- Experience with Sumo Logic and Microsoft 365.
- Certifications: Security+, CySA+, GCIH, GCIA, CISSP, CCA, CCP
- Familiarity with MDR/SOC service environments and client onboarding.