SOC Manager

About Peraton

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit peraton.com to learn how we're keeping people around the world safe and secure.

About The Role

Peraton is seeking a SOC Manager. The successful candidate will be responsible for the overall management and operation of the Security Operations Center (SOC), ensuring the effective detection, analysis, and response to cybersecurity incidents. Lead and manage a team of SOC analysts, providing guidance on incident detection, triage, and escalation procedures. Develop and maintain SOC procedures, playbooks, and training materials to improve the team's effectiveness and efficiency. Oversee the continuous monitoring of security systems and networks, ensuring the timely identification and response to security alerts. Manage and coordinate response activities, working with internal and external stakeholders to mitigate and eliminate cyber threats. Responsible for ensuring Government is informed on all SOC-related events.

What You'll Do:

• SOC Management and Operations Oversight: Oversee the daily operations of the Security Operations Center (SOC), ensuring the effective execution of cybersecurity monitoring, detection, response, and reporting activities.
• Team Leadership and Mentorship: Lead and manage a team of SOC analysts, providing guidance, mentorship, and support on incident detection, triage, escalation, and mitigation processes. Conduct performance assessments and identify professional development opportunities for SOC team members.
• Incident Detection and Analysis: Monitor and analyze cybersecurity events to identify anomalies, threats, and potential compromises using security tools such as SIEM, IDS/IPS, and EDR solutions. Identify and report on indicators of compromise (IOCs) while adhering to established escalation protocols.
• Incident Response Coordination: Manage and coordinate incident response activities, including containment, eradication, and recovery, while ensuring proper documentation of actions. Collaborate with internal stakeholders (e.g., IT teams, system owners) and external constituents (e.g., vendors, law enforcement, or intelligence agencies) during incident response efforts.
• SOC Policies and Playbook Development: Develop, review, and maintain SOC standard operating procedures (SOPs), playbooks, and runbooks to streamline incident response and escalation processes. Ensure all SOC-related documentation reflects current threats and technologies.
• Security Systems and Network Monitoring: Oversee continuous monitoring of networks, systems, and endpoints to identify and respond to security alerts in a timely manner. Optimize security tool configurations and automated workflows to improve threat detection capabilities.
• Risk and Threat Management: Evaluate security posture by analyzing threat intelligence, attack patterns, and system vulnerabilities to identify and mitigate weak points in the organization's defense. Lead efforts to improve SOC detection and response capabilities by evaluating and adopting cutting-edge tools and processes.
• Security Event Reporting to Government Stakeholders: Ensure timely reporting of all SOC-related events, incidents, and threat intelligence findings to government leadership and stakeholders. Provide actionable recommendations to address vulnerabilities, mitigate threats, and strengthen cybersecurity postures.
• Training and Cybersecurity Awareness Initiatives: Conduct SOC team training to improve response techniques, threat-hunting abilities, and awareness of emerging cyber threats and vulnerabilities. Promote cybersecurity awareness and defensive best practices across the organization.
• Continuous Improvement and Post-Incident Review: Lead post-incident reviews to evaluate the effectiveness of the SOC response, identify lessons learned, and integrate improvements into future operations. Provide feedback to leadership on SOC performance metrics and resources needed for optimization.

Knowledge, Skills, and Abilities

• Expertise in Incident Detection and Response: Comprehensive knowledge of incident detection, triage, investigation, escalation, and response processes, including experience with containment, eradication, and recovery procedures.
• Advanced Understanding of Cybersecurity Tools and Technologies: Proficiency with security tools such as Security Information and Event Management (SIEM) systems, Intrusion Detection and Prevention Systems (IDS/IPS), Endpoint Detection and Response (EDR) tools, and firewalls.
• Threat Intelligence and Cyber Threat Hunting Skills: Ability to analyze threat intelligence and identify attack methods, indicators of compromise (IOCs), and tactics, techniques, and procedures (TTPs) used by adversaries.
• Strong Leadership and Team Management Skills: Proven ability to lead and mentor a team of SOC analysts, providing guidance, performance feedback, and professional development opportunities.
• Knowledge of Networking and System Security: In-depth knowledge of network architectures, protocols (e.g., TCP/IP, DNS, HTTPS), and operating systems (Windows, Linux, macOS), including securing and monitoring these environments.
• Familiarity with Cybersecurity Frameworks and Standards: Knowledge of cybersecurity frameworks (e.g., NIST Cybersecurity Framework, MITRE ATT&CK, ISO 27001) and how to apply them to SOC operations.
• Policy Development and Process Optimization: Skill in developing and maintaining SOC playbooks, Standard Operating Procedures (SOPs), and policies to improve SOC operational efficiency and effectiveness.
• Effective Communication and Reporting Skills: Ability to clearly communicate complex technical information (e.g., incident findings and risk assessments) to non-technical stakeholders, leadership, and external partners.
• Analytical and Problem-Solving Abilities: Strong analytical skills for identifying trends, correlating security data, and solving complex cybersecurity challenges to improve organizational defense.
• Continuous Learning and Threat Adaptability: Demonstrated ability to stay current on evolving cybersecurity threats, tools, and best practices, adapting to new challenges and proactively improving defensive measures.

Qualifications

Required Qualifications

• Min 8 years with BS/BA, Min 6 years with MS/MA, Min 3 years with PhD, 12 years with HS diploma
• Must be a US Citizen
• Must have active Secret Clearance
• Experience in progressively more complex roles in cybersecurity operations or analysis and/or incident response
• 8140 DCWF Work Role 511 Certification (Sec+, CCNA, CySA+, GIAC)

Desired Qualifications

• Certified Ethical Hacker (CEH)
• GIAC Certified Incident Handler (GCIH)
• GIAC Security Operations Certified (GSOC)
• CompTIA Advanced Security Practitioner (CASP+)
• Certified Information Security Manager (CISM)
• AWS Certified Security - Specialty or Microsoft Certified: Azure Security Engineer Associate: Relevant if managing systems in hybrid or cloud environments.
• Cyber Threat Intelligence (CTI) Cert or MITRE ATT&CK™ Defender (MAD)
• Demonstrates specialized knowledge in threat intelligence analysis and mapping frameworks.
• Advanced Threat Intelligence Knowledge. Experience working with and integrating threat intelligence platforms and frameworks into SOC operations.
• Automation and Scripting Skills. Knowledge of scripting languages like Python, PowerShell, or Bash for automating routine SOC tasks and custom threat detection rules.
• Strategic Thinking and Risk Management. Ability to assess current threats and vulnerabilities, prioritize organizational risks, and drive proactive mitigation strategies.
• Strong interpersonal and communication skills to relay real-time incident updates and foster collaboration between SOC teams and other organizational units.
• Experience with Federal and DoD Systems: Familiarity with compliance requirements and operational environments specific to the Department of Defense (e.g., DISA STIGs, FedRAMP, RMF).

Details

Target Salary Range: $146,000 - $234,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at https://www.careers.peraton.com/benefits.

Application Statements: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates. By applying to this job, you are expressing interest in the role and the Company. During the review of your application, you may be required to participate in an on-camera interview, as well as participate in a process to verify your identity.

EEO:Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.