SOC Manager

The Security Operations Center (SOC) Manager is responsible for leading and maturing a 24x7 enterprise SOC supporting a global Fortune 500 organization. This role oversees a geographically dispersed team of security analysts responsible for threat detection & response. 

The SOC Manager provides strategic and operational leadership, ensuring rapid detection and response to cyber threats while continuously improving people, process, and technology. This role partners closely with other teams in the information security organization as well as with IT, risk management, legal, privacy, and business leaders to protect the organization from evolving cyber risks. 

• Role is based in Jacksonville, Florida, with interaction across global teams and time zones 
• Participation in major incident response activities outside standard business hours may be required 
• Rarely, travel may be required to support team engagement or leadership meetings 

• Lead, mentor, and develop a geographically distributed SOC team, including analysts across multiple shifts and regions 
• Drive a culture of accountability, continuous improvement, and operational excellence 
• Define roles, skill sets, training paths, and career development plans for SOC staff 
• Manage staffing models to support 24x7 operations, including managing on‑call rotations 

• Oversee daily SOC operations, including monitoring, triage, investigation, containment, and remediation of security incidents 
• Ensure consistent execution of response playbooks and standard operating procedures 
• Coordinate cross‑functional response efforts with DFIR, IT, legal, privacy, HR, and communications teams 

• Ensure effective use and continuous improvement of security tooling such as SIEM, XDR, NDR, and threat intelligence platforms 
• Drive enhancements to detection use cases, alert fidelity, and automation 
• Evaluate emerging threats and attacker techniques and translate intelligence into actionable detection strategies 

• Define and track SOC KPIs and metrics (e.g., MTTD, MTTR, alert quality, coverage) 
• Provide clear, concise reporting to executive leadership on SOC performance, risk posture, and incident trends 
• Ensure SOC operations align with internal policies, regulatory requirements, and industry frameworks (e.g., NIST) 

• Develop and execute a multi‑year SOC maturity roadmap aligned to business and risk priorities 
• Identify opportunities for process optimization, automation, and technology improvements 
• Participate in vendor evaluation, tool selection, and budget planning related to SOC capabilities 
• Support audits, tabletop exercises, and purple team activities 

• Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent practical experience 
• 8+ years of experience in cybersecurity operations, incident response, or threat detection 
• 3+ years of experience managing security teams or leading SOC operations 
• Hands‑on experience with enterprise security tools (SIEM, EDR/XDR, and threat intelligence platforms) 
• Strong understanding of attacker tactics, techniques, and procedures (TTPs) 
• Proven ability to lead teams in high‑pressure, time‑sensitive environments 
• Excellent communication skills with the ability to brief technical and non‑technical stakeholders 

• Experience operating a SOC in a large, complex, or regulated enterprise environment 
• Relevant certifications such as CISSP, CISM, GCED, GCIH, or equivalent 
• Familiarity with cloud security operations (AWS, Azure, GCP) 
• Experience managing globally distributed or follow‑the‑sun SOC models 
• Prior experience supporting executive‑level incident communications