What are the responsibilities and job description for the ISSO, SOC Lead position at GovHire?
Security Lead
This person will be intellectually curious with relentless desire to learn the latest modern security operations control in the cloud (Azure/AWS) infrastructure platforms
This person will be intellectually curious with relentless desire to learn the latest modern security operations control in the cloud (Azure/AWS) infrastructure platforms
- Lead, mentor, and develop a high-performing Security Operations (SOC) team, ensuring 24/7 coverage and rapid incident response capabilities.
- Develop and maintain SOC policies, procedures, and playbooks to improve operational effectiveness and streamline response workflows.
- Conduct regular SOC maturity assessments and implement improvements to maintain cutting-edge operational standards.
- Oversee threat monitoring, detection, and response efforts, ensuring timely identification, containment, and remediation of cyber incidents.
- Continuously improve threat detection capabilities through the optimization of security tools, such as SIEM (Datadog, MS Defender), EDR, and threat intelligence platforms.
- Collaborate with security engineering and IT teams to ensure effective integration and configuration of SOC technologies, including IDS/IPS, firewalls, SIEM, and vulnerability management tools.
- Maintain a comprehensive understanding of regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS) and industry standards (e.g., ISO 27001, NIST).
- Lead regular SOC2 / ISO audits to ensure adherence to compliance standards and support audits by external bodies as necessary.
- Drive continuous improvement of SOC staff skills and knowledge through training, exercises, and industry certification support.
- Collaborate with other security functions, such as GRC (Governance, Risk, and Compliance), security architecture, and vulnerability management, to foster a cohesive security program
- Participate in project and scrum planning prioritization
- Manage/Implement periodic reporting KPI’s on platform performance, availability and efficiency
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience). A Master’s degree is a plus
- Minimum of 10 years of experience in information security, with at least 5 years in a SOC or security operations management role.
- Demonstrated experience in managing and developing SOC teams, including threat detection, incident response, and vulnerability management.
- Expertise in using and managing security tools (SIEM, EDR, IDS/IPS, firewalls) and threat intelligence platforms.
- Familiarity with cloud security (AWS, Azure, or GCP) and Kubernetes is a plus and preferred
- Expertise in using and managing security tools (SIEM, EDR, IDS/IPS, firewalls) and threat intelligence platforms, preferred experience in Datadog and Microsoft Defender.
- Fundamental understanding of basic networking concepts including VPN, DNS, Routing, Firewalls, and Load-Balancing
- Must have a passion for learning and strong desire to understand enterprise architecture and infrastructure design fundamentals
- Working knowledge of security concepts including access control, directory services, and authentication/integration (OAuth, SAML, and OpenID)
- Strong problem-solving skills, attention to detail, and self-learning initiative
- CISSP, CISM, or CISA; additional certifications in SOC operations or incident response (e.g., GCIA, GCIH, CSIRT)
