Cyber Security SOC Manager
Type of Requisition:
RegularClearance Level Must Currently Possess:
NoneClearance Level Must Be Able to Obtain:
NonePublic Trust/Other Required:
OtherJob Family:
Cyber and IT Risk ManagementJob Qualifications:
Skills:
Information Security Operations, IT Leadership, Security Monitoring Operations, Security Operations, Splunk AdministrationCertifications:
NoneExperience:
5 + years of related experienceUS Citizenship Required:
NoJob Description:
As the Cyber Security SOC Manager supporting VITA, this leader is the technical driver of the SOC's day-to-day operations and detection posture — architecting how the operation detects, responds, and improves, and keeping a finger on the pulse of the industry to know which tools and practices to integrate, replace, or retire.
This role partners with the Operations Manager on the SOC's broader strategic direction; the SOC Manager brings the technical and architectural point of view to that partnership rather than setting strategy unilaterally. They lead the Tier I–III analyst team and are accountable for team performance, shift coverage, analyst development, and SLA compliance. They partner with an embedded SOC Analyst, Tier III, as their senior execution arm, building against the standards and architecture the SOC Manager defines.
Deep hands-on command of Splunk is required, with strong working knowledge of Tenable and CrowdStrike used to design the SOC's detection pipeline, data model, and automation fabric. The SOC Manager is the senior escalation point for complex incidents and a credible customer interface — customer-facing, but grounded in technical authority rather than sales. Above all, this role drives measurable improvement: better performance, better reporting, fewer errors, lower cost where possible, and a more secure environment.
SOC Operations & Incident Response
- Serve as senior escalation authority for complex, high-severity incidents; oversee containment and remediation, and ensure documentation and customer communication throughout the incident lifecycle.
- Provide expertise with IOCs, TTPs, threat hunting, and threat intelligence; own customer-facing escalation and remediation.
- Ensure the team recognizes intrusion attempts and triages, prioritizes, and escalates incidents per established runbooks.
- Ensure detection of the full spectrum of known attacks (DDoS, malware, phishing, ransomware, and others) and correlation of events across capabilities.
- Ensure malware analysis is reviewed and correlated across incidents, and that malicious activity is documented and reported with clear remediation recommendations.
Splunk & Detection — Manager Directs, Tier III Executes
- Set the standards, priorities, and design for Splunk dashboards, reports, correlation searches, and alert actions that give analysts and leadership visibility into threat activity, SOC performance, and incident trends — the SOC Analyst, Tier III executes the build and maintenance.
- Direct automated detection and correlation content that reduces analyst workload, cuts false positives, and speeds response to high-priority threats.
- Oversee SPL searches, scheduled reports, and lookup-driven workflows; guide scripting (Python, PowerShell) that extends Splunk and supports automation.
- Retain hands-on fluency in Splunk and CyberArk sufficient to direct the work credibly, validate quality, and step in when needed.
Detection Tuning & Compliance Alignment
- Align detections and logging with frameworks and controls: NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX as applicable to the customer environment.
- Set the tuning strategy for use cases, correlation rules, and alert logic to raise fidelity and reduce noise across the SOC; the Tier III analyst implements the changes.
Automation & Scripting
- Working knowledge of scripting (Python, PowerShell, or Bash) for automation, log parsing, and workflow integration — able to read and modify scripts to direct SOC automation.
- Champion automation that cuts manual analyst burden, improves detection fidelity, and accelerates response, directing the Tier III analyst on implementation.
Team Leadership & SOC Management
- Lead, supervise, and develop the Tier I–III team; manage shift scheduling, performance expectations, and career development — using the SOC Analyst, Tier III as the senior execution arm for the Manager's technical vision.
- Own SOC SLA compliance and performance reporting; deliver operational metrics, trend analysis, and executive briefings to program leadership and the customer.
- Serve as the primary customer interface; manage expectations, communicate incident status, and build trusted relationships with VITA stakeholders.
- Drive continuous improvement across processes, runbooks, and playbooks; run post-incident retrospectives and apply lessons learned.
SOC Architecture & Continuous Improvement
- Keep a finger on the pulse of the industry — continuously assess tools, platforms, and techniques for technical fit, and recommend what to integrate, replace, or retire across the detection and response stack.
- Define the target-state SOC architecture — detection pipeline, data model, and automation fabric — and set the engineering standards the Tier III analyst executes against.
- Partner with the Operations Manager on SOC strategy, contributing the technical and architectural perspective to shared strategic decisions rather than setting direction unilaterally.
- Drive improvement by design: higher detection fidelity and performance, cleaner reporting, fewer manual errors, lower tooling and compute cost, and a stronger security posture.
- Evaluate and prototype new capabilities before production; make build-vs-buy and integrate-vs-replace calls grounded in hands-on assessment.
- Raise the team's engineering bar, mentoring analysts toward detection-engineering practices with the Tier III analyst as senior builder.
Required Qualifications
- Education: BA/BS or equivalent
- Experience: 5+ years of experience required in cybersecurity operations, including demonstrated supervisory or team-lead experience in a SOC environment. 8+ years of experience strongly preferred.
- Splunk: Advanced SPL, dashboard development, automated alerting, and correlation-search creation in an operational SOC.
- Tenable and CrowdStrike: Native data experience and interpretation skills, correlation with other data, and understanding of the integration with Splunk data and dashboards.
- Must possess or be able to obtain within six months of start two of the following certifications to meet DoD 8140/DCWF CSSP Analyst requirements: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+.
Security Clearance Level: Must be able to pass a background check to obtain a position of Public Trust.
Location: On-site at GDIT's Integrated Technology Center in Bossier City, LA.
GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
● Growth: AI-powered career tool that identifies career steps and learning opportunities
● Support: An internal mobility team focused on helping you achieve your career goals
● Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
● Flexibility: Full-flex work week to own your priorities at work and at home
● Community: Award-winning culture of innovation and a military-friendly workplace
OWN YOUR OPPORTUNITY
Explore a career in cyber at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.
#GDITLA
The likely salary range for this position is $136,000 - $184,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.Scheduled Weekly Hours:
40Travel Required:
Less than 10%Telecommuting Options:
OnsiteWork Location:
USA LA Bossier CityAdditional Work Locations:
Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.
Our Identity Verification Process:
As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes.
About Our Work:
We are GDIT. A global technology and professional services company that delivers technology solutions and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50+ countries worldwide, offering leading mission-ready capabilities in AI, cloud, cyber and software development.Join our Talent Community to stay up to date on our career opportunities and events atEqual Opportunity Employer / Individuals with Disabilities / Protected Veterans