What are the responsibilities and job description for the SOC Supervisor position at Auxis?
Job Summary
The SOC Supervisor steers day‑to‑day Security Operations Center activities in alignment with corporate security objectives and leading‑practice frameworks such as NIST CSF, MITRE ATT&CK and ITIL. Analysts and team leads are provided with the appropriate tools, well‑defined processes and up‑to‑date documentation to detect, investigate and respond to cyber‑threats around the clock, consistently meeting SLA/KPI targets and maintaining high customer‑satisfaction scores.
Responsibilities
The SOC Supervisor provides strategic and operational leadership to the Security Operations Center, directing a multidisciplinary team of analysts to deliver continuous threat monitoring, incident response and cyber‑defense services. The role aligns SOC capabilities with organizational objectives and recognized frameworks (ITIL, NIST CSF, MITRE ATT&CK), safeguards system availability and performance, and ensures service‑level and customer‑satisfaction targets are consistently achieved. Responsibilities include cultivating a high‑performance culture, standardizing and automating processes, optimizing tooling and runbooks, and serving as the principal liaison with clients and internal stakeholders to communicate risk posture, performance metrics and improvement initiatives.
- Oversee continuous tracking of security events and alerts using SIEM tools.
- Analyze and correlate security data to identify potential threats and vulnerabilities.
- Ensure timely and accurate detection of security incidents to maintain high system availability and security posture.
- Lead the SOC team in responding to security incidents, ensuring effective containment, eradication, and recovery.
- Act as Incident Manager for major incident outages, coordinating cross-functional responses.
- Work closely with and in support of the IT Operations Center, Service Desk, Engineering team and vendors to expedite issue resolution.
- Develop and implement incident response plans, playbooks, and standard operating procedures (SOPs).
- Coordinate with external partners, law enforcement, and other stakeholders during major security incidents.
- Perform analysis and reporting of different metrics related to team performance and incident handling.
- Prepare comprehensive reports, metrics, and presentations for senior management and stakeholders.
- Identify opportunities for automation and process improvement to enhance the SOC’s operational efficiency.
- Support the overall management and process improvements for SOC in accordance with company goals.
- Implement and manage automated workflows, scripts, and tools to streamline security operations and incident response.
- Maintain detailed and accurate documentation of security incidents, response actions, and lessons learned.
- Contribute to the development and enhancement of Standard Operational Procedure (SOP) documentation and security policies.
- Contribute to the hiring, mentoring, performance management and retention of staff.
- Follow up on team members' yearly goals.
- Conduct monthly, mid-year and annual reviews.
- Receive services for onboarded clients and ensure the team can deliver the support.
- Serve as backup for Security Operation Center analysts as needed.
Experience:
- Minimum of 4 years working experience in a security operations center (SOC), network operations center, or a related field.
- Minimum of 3 years working experience in supervising or managing a team of 5 or more individuals (Nice to Have).
- Experience with the basic administration of Windows servers (v. 2019-2025), including a fundamental understanding of security infrastructure.
- Intermediate‑level knowledge of administering and securing workloads in both Microsoft Azure and Amazon Web Services (AWS) environments is required.
- Experience in incident response, threat detection, and security monitoring.
- A bachelor's degree in computer science, Industrial Engineering, Information Technology, or related fields. Alternatively, a minimum of five years of equivalent working experience.
- Have at least one of the following certifications: GIAC Certified Incident Handler, Microsoft (AZ-500, SC-200 or SC-300), AWS (Security Specialty), EC-Council (Ethical Hacker, Network Defense) or similar certification.
- Additional certifications are advantageous.
- Knowledge of or training in best practices or IT frameworks, such as ITIL. ITIL Certified (Nice to Have).
- Patching Management: Good understanding of patching management best practices.
- Security Monitoring Tools: Proficient in using and managing SIEM tools (e.g., MS Sentinel, Wazuh) and other security monitoring applications.
- Incident Response: Understanding of incident response processes and security incident management.
- Security Frameworks: Familiarity with security frameworks and standards (e.g., NIST CSF, ISO 27001, MITRE ATT&CK).
- Active Directory Services: Knowledge of Active Directory and its security implications.
- Cloud Computing: Familiarity with cloud computing concepts and basic security operations in cloud environments (e.g., AWS, Azure).
- Virtualization Technologies: Understanding of virtualization technologies (e.g., VMware).
- Email Security: Familiarity with MS Office 365 and email security applications.
- Virtualization and Server Administration: Basic knowledge of Windows Server (2012-2019) and Linux administration.
- Disaster Recovery: Basic knowledge of disaster recovery techniques and business continuity planning.
- Excellent written, verbal, and interpersonal skills.
- Knowledge of threat intelligence lifecycle stages, including collection, analysis, and dissemination. Experience integrating threat intelligence feeds into SIEMs and other security tools to improve detection and response.
- Familiarity with emerging threat actor tactics and the ability to map TTPs to frameworks such as MITRE ATT&CK to enhance defense strategies.
- Proficiency in using threat intelligence platforms (e.g., ThreatConnect, Recorded Future) and leveraging both commercial and open-source threat intelligence feeds to identify and mitigate current and emerging threats.
- Effectively lead and motivate a team in charge of responding to a 24/7 operation with high peaks of workload.
- Actively seeks ways to help clients and ensures a positive customer experience.
- Listens and communicates clearly to support organizational objectives.
- Uses logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions, or approaches to problems.
- Demonstrates honesty and adheres to strong moral principles in all professional interactions.
- Actively collaborates with team members to achieve a common goal or complete tasks effectively and efficiently.
- Demonstrates the ability to adapt to changed circumstances or environments, learning from experience to improve competitiveness.
- Possess the capacity to understand and analyze situations when multiple issues or tasks arise simultaneously, working in the correct order based on impact and urgency.
- Exhibits ability to provide clear, concise, & constructive feedback for growth & development to direct & indirect reports on a regular basis.
- Demonstrates ability to work independently and in a group to produce successful results.
- Proficiency in English and Spanish (Oral and writing at 85% or higher), with a minimum of C1 level proficiency in both languages being a requirement.