ICF
Security Operations Center (SOC) Manager (Clearance Required) - Future Opportuni
ICF, San Jose, California, United States, 95199
Overview
ICF is seeking an experienced Security Operations Center (SOC) Manager to support a Defense Human Resources Activity (DHRA) cybersecurity program. In this role, you will oversee 24/7 SOC operations, lead a team of analysts performing detection, triage, and escalation, and ensure effective coordination of incident response activities. The SOC Manager develops playbooks, implements monitoring and reporting procedures, and provides regular situational awareness updates to Government stakeholders to strengthen the agency's cyber defense posture. This position will be based onsite in Seaside, CA.
What You'll Do
Manage day-to-day SOC operations, ensuring continuous monitoring of DHRA networks and systems for security events and anomalies.
Lead SOC analysts performing event detection, triage, escalation, and coordination with incident response teams.
Develop, implement, and maintain SOC standard operating procedures (SOPs), playbooks, and escalation protocols.
Ensure timely and accurate analysis of alerts from SIEM, endpoint, and network monitoring tools.
Coordinate with cybersecurity, IT operations, and RMF teams to ensure an integrated defense posture and rapid response to incidents.
Oversee SOC training programs, ensuring analyst proficiency in threat detection, correlation, and response processes.
Conduct root-cause and trend analysis on incidents to identify systemic vulnerabilities and areas for improvement.
Prepare daily, weekly, and monthly operational reports and briefings for Government stakeholders.
Advise leadership on emerging threats, attack trends, and SOC performance metrics.
Drive continuous improvement of monitoring coverage, use cases, and automation within SOC tools and workflows.
Required Qualifications
Bachelor's degree is required.
10 years of experience in cybersecurity operations, analysis, and/or incident response, including at least 3 years in a supervisory or team lead capacity.
Active DoD security clearance.
US Citizenship required by federal contract.
One of the following certifications: CBROPS, CFR, CySA+, GCFA, GCIA, GICSP, or Elastic/Splunk certifications.
Desired Qualifications
Master's degree in cybersecurity, information systems, or a related technical field.
Demonstrated expertise managing SOC or NOC operations in a DoD or Federal environment.
Experience with SIEM, IDS/IPS, endpoint detection, and incident response tools.
Proven ability to coordinate cross-functional teams during incident response and recovery.
Experience managing a 24/7 SOC supporting DoD, IC, or federal missions.
Familiarity with tools such as Splunk, ArcSight, Elastic, Tenable, and SOAR platforms.
Knowledge of MITRE ATT&CK, DoD Cyber Threat Framework, and NIST SP 800-61 (Computer Security Incident Handling Guide).
Experience implementing SOC metrics, KPIs, and automation strategies.
Strong leadership, communication, and presentation skills, with the ability to brief senior Government officials.
Pay and Benefits
The pay range for this position based on full-time employment is: $130,037.00 - $221,063.00 (California Client Office, CA88).
We are an equal opportunity employer. Reasonable Accommodations are available, including for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs in all phases of the application and employment process. To request an accommodation, please email candidateaccommodation@icf.com. All information you provide will be kept confidential and will be used only to provide needed reasonable accommodations.