AOUSC - SOC Operations Lead / Managed Detection & Response (MDR) Lead

Work from home Full-time role Hiring

Position Title

SOC Operations Lead / Managed Detection & Response (MDR) Lead

Position Overview

The SOC Operations Lead will oversee 24x7x365 Security Operations Center (SOC) and Managed Detection & Response (MDR) operations supporting a large federal enterprise environment. The Lead will direct SOC analysts, incident responders, and MDR personnel responsible for security monitoring, alert triage, incident analysis, escalation, containment coordination, reporting, and continuous operational improvement.

The ideal candidate possesses deep experience leading enterprise SOC operations supporting federal agencies, including SIEM operations, endpoint detection and response (EDR), cloud security monitoring, incident coordination, and executive cyber reporting.

Key Responsibilities

  • Lead enterprise SOC and MDR operations supporting on-premises and cloud environments.
  • Oversee 24x7 monitoring, detection, triage, and escalation activities.
  • Direct operational workflows for SIEM monitoring, alert management, incident coordination, case management, and operational reporting.
  • Manage analyst teams supporting Splunk, Microsoft Sentinel, CrowdStrike, Sysmon, Windows event logging, and cloud telemetry platforms.
  • Develop and maintain SOC SOPs, playbooks, runbooks, escalation matrices, and reporting procedures.
  • Lead operational metrics reporting, including MTTD, MTTR, false positive rates, automation effectiveness, analyst productivity, and incident impact assessments.
  • Coordinate closely with Threat Hunting, CTI, Detection Engineering, and Incident Response teams.
  • Brief executives and government leadership on significant incidents, operational trends, and emerging threats.
  • Support proposal development, oral presentations, staffing, and transition planning.

Required Qualifications

  • 10+ years of cybersecurity operations experience.
  • 5+ years leading enterprise SOC or MDR environments.
  • Experience supporting federal civilian or DoD environments.
  • Experience managing large-scale SOC operations in environments with 10,000+ users, enterprise cloud environments, and large SIEM deployments.
  • Experience with Splunk Enterprise Security, Microsoft Sentinel, CrowdStrike, EDR/XDR platforms, SOAR technologies, and cloud security monitoring.
  • Deep understanding of MITRE ATT&CK, incident response, detection engineering, and threat-informed defense.
  • Strong executive briefing and oral presentation skills.

Preferred Certifications

  • CISSP
  • GCIA
  • GCIH
  • GMON
  • GSOC
  • Splunk Architect/Admin certifications
  • Microsoft Security certifications
