Company hidden
1 day ago

SOC Operations Lead (Cybersecurity)

Job type
fulltime
Grade
lead
English
b2
Country
US
Job from the Hirify Global list of international tech companies

Job description


TL;DR

SOC Operations Lead (Cybersecurity): Overseeing 24x7x365 SOC and MDR operations for a large federal enterprise environment, with an emphasis on security monitoring, alert triage, and incident coordination. Focus on directing operational workflows for SIEM/EDR platforms, developing SOC playbooks, and briefing executives on emerging threats.

Location: Must have experience supporting US federal civilian or DoD environments

Company

hirify.global provides specialized software and security operations services for large-scale federal enterprise environments.

What you will do

  • Oversee 24x7x365 SOC and MDR operations supporting on-premises and cloud environments.
  • Direct operational workflows for SIEM monitoring, alert management, incident coordination, and case management.
  • Manage analyst teams utilizing Splunk, Microsoft Sentinel, CrowdStrike, Sysmon, and cloud telemetry platforms.
  • Develop and maintain SOC SOPs, playbooks, runbooks, and escalation matrices.
  • Lead operational metrics reporting including MTTD, MTTR, false positive rates, and automation effectiveness.
  • Coordinate with Threat Hunting, CTI, and Detection Engineering teams and brief government leadership on significant incidents.

Requirements

  • 10+ years of cybersecurity operations experience.
  • 5+ years leading enterprise SOC or MDR environments.
  • Experience supporting federal civilian or DoD environments.
  • Experience managing large-scale operations with 10,000+ users and large SIEM deployments.
  • Proficiency with Splunk Enterprise Security, Microsoft Sentinel, CrowdStrike, EDR/XDR, and SOAR technologies.
  • Deep understanding of MITRE ATT&CK, incident response, and threat-informed defense.

Nice to have

  • Certifications: CISSP, GCIA, GCIH, GMON, or GSOC.
  • Splunk Architect/Admin or Microsoft Security certifications.
