Security Operations Center (SOC) Manager

Expression is currently seeking a highly technical, hands-on Security Operations Center (SOC) Manager with advanced skillsets in cybersecurity to develop and operate cybersecurity capabilities for a variety of federal customers. Candidates should have excellent written and oral communication skills, be able to work independently and as part of a team, and have demonstrated leadership capabilities. Skills and experience in Cyber Operations, Security Event Analysis, Incident Response, Cyber Hunt, Forensics, Malware Analysis, and Cyber Threat Intelligence are required for this position; skills in more than one cyber discipline are preferred.

The ideal candidate will have hands-on experience supporting a 24x7x365 CSOC environment as an analyst or engineer, experience as a technical team lead within the SOC, and operations management experience. The ideal candidate will also have a solid understanding of cyber threats and information security in the domains of TTPs, Threat Actors, Campaigns, and Observables. Additionally, the ideal candidate would be familiar with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management.

The SOC Manager is also tasked with developing and maturing SOC strategies, processes, and technologies, preparing executive-level reports on performance and threat trends, and collaborating with cross-functional teams to align security initiatives with business objectives, with a paramount focus on maintaining the integrity and confidentiality of organizational assets.

Location

Hybrid in Reston, VA

Clearance Required

Active Top Secret clearance and SCI eligibility are required.

Responsibilities

- Maintain a 24x7x365 schedule and minimum-manning requirements.
- Construct and optimize operational workflows for 24x7 teams across multiple shifts.
- Develop, collect, and analyze security operational metrics to optimize CSOC performance and minimize organizational risk.
- Serve as a technical Cyber SME, onsite task lead, and primary point of contact for the customer.
- Lead the planning, organization, scheduling, and progress reporting of various projects.
- Develop technical cyber security solutions in response to customer requests or in support of proposal solution development.
- Support new Agile Defense engagements as transitional program or operations lead.
- Support documentation of all business and workflow processes in this area.
- Provide technical consultation in cyber security capability development.
- Act as a subject-matter expert to multiple tasks and/or programs.
- Provide technical writing support for corporate responses to RFPs/RFQs from various customers.
- Provide operational oversight for all SOC activities.
- Manage the entire incident response lifecycle as a senior escalation point.
- Lead the team through mentorship and professional development.

Qualifications

- Bachelor’s degree in computer science, engineering, STEM or cybersecurity.
- Minimum of 5 years of direct operational and program management experience in delivery of Cybersecurity program or related projects.
- Minimum of seven (7) years of professional experience with a solid understanding of incident response, insider threat investigations, digital forensics, and cyber threats.
- Minimum of 5-7 years of cybersecurity experience, with at least 5 years in a SOC leadership capacity.
- In-depth technical expertise in areas such as SIEM, EDR, and incident response methodologies is essential, coupled with a thorough understanding of network architectures and security controls.
- The ability to create insider threat focused dashboards, reports and workflow diagrams.
- Experience collecting data, maintaining chain of custody and reporting results; handling and escalating security issues or emergency situations appropriately; providing incident response capabilities to isolate and mitigate threats to maintain confidentiality, integrity, and availability for protected data.
- Experience with mentoring junior members in an open collaborative environment.
- Certified Information System Security Professional (CISSP).

Preferred Experience

- One of the following: GCFA, GREM, GCIH, OSCP, GPEN, GFCE or equivalent preferred.

Benefits

Expression offers highly competitive salaries, performance-based incentives, and additional benefits, such as:

- 401k matching
- PPO and HDHP medical/dental/vision insurance
- Education reimbursement up to $10,000/yr
- Complimentary life insurance
- 15 days of PTO and 11 days of holiday leave

About Expression

Founded in 1997 and headquartered in Washington, DC, Expression provides data fusion, data analytics, AI/ML, software engineering, information technology, and electromagnetic spectrum management solutions to the U.S. Department of Defense, Department of State, and national security community.

Our culture emphasizes creating immediate and sustainable value for our clients through agile delivery of tailored solutions and constant engagement. We were ranked #1 on the Washington Technology Fast 50 list of fastest-growing small business Government contractors and recognized as a Top 20 Big Data Solutions Provider by CIO Review.

At Expression, we ensure every team member has the tools and opportunities to grow while working with the newest technologies in the industry. We celebrate milestones, accomplishments, promotions, and collaborative achievements that make our workplace engaging and rewarding.

Equal Employment Opportunity Statement

Expression is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.