Cyber Security SOC Manager

Clearance Level
None
Category
Cyber and IT Risk Management
Location
Bossier City, Louisiana
(Onsite Workplace)
Key Skills For Success

Information Security Operations

IT Leadership

Security Monitoring Operations

Security Operations

Splunk Administration

REQ#: RQ224382
Public Trust: Other
Requisition Type: Regular
Your Impact

Own your opportunity to support the missions that matter. From working with technologies like AI, cyber and cloud to careers in intelligence and health, we offer endless opportunities to apply your expertise to create a safer, smarter world while building new skills to propel your career forward.

Job Description

As the Cyber Security SOC Manager supporting VITA, this leader is the technical driver of the SOC's day-to-day operations and detection posture — architecting how the operation detects, responds, and improves, and keeping a finger on the pulse of the industry to know which tools and practices to integrate, replace, or retire.

This role partners with the Operations Manager on the SOC's broader strategic direction; the SOC Manager brings the technical and architectural point of view to that partnership rather than setting strategy unilaterally. They lead the Tier I–III analyst team and are accountable for team performance, shift coverage, analyst development, and SLA compliance. They partner with an embedded SOC Analyst, Tier III, as their senior execution arm, building against the standards and architecture the SOC Manager defines.

Deep hands-on command of Splunk is required, with strong working knowledge of Tenable and CrowdStrike used to design the SOC's detection pipeline, data model, and automation fabric. The SOC Manager is the senior escalation point for complex incidents and a credible customer interface — customer-facing, but grounded in technical authority rather than sales. Above all, this role drives measurable improvement: better performance, better reporting, fewer errors, lower cost where possible, and a more secure environment.

SOC Operations & Incident Response

  • Serve as senior escalation authority for complex, high-severity incidents; oversee containment and remediation, and ensure documentation and customer communication throughout the incident lifecycle.
  • Provide expertise with IOCs, TTPs, threat hunting, and threat intelligence; own customer-facing escalation and remediation.
  • Ensure the team recognizes intrusion attempts and triages, prioritizes, and escalates incidents per established runbooks.
  • Ensure detection of the full spectrum of known attacks (DDoS, malware, phishing, ransomware, and others) and correlation of events across capabilities.
  • Ensure malware analysis is reviewed and correlated across incidents, and that malicious activity is documented and reported with clear remediation recommendations.


Splunk & Detection — Manager Directs, Tier III Executes

  • Set the standards, priorities, and design for Splunk dashboards, reports, correlation searches, and alert actions that give analysts and leadership visibility into threat activity, SOC performance, and incident trends — the SOC Analyst, Tier III executes the build and maintenance.
  • Direct automated detection and correlation content that reduces analyst workload, cuts false positives, and speeds response to high-priority threats.
  • Oversee SPL searches, scheduled reports, and lookup-driven workflows; guide scripting (Python, PowerShell) that extends Splunk and supports automation.
  • Retain hands-on fluency in Splunk and CyberArk sufficient to direct the work credibly, validate quality, and step in when needed.

Detection Tuning & Compliance Alignment

  • Align detections and logging with frameworks and controls: NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX as applicable to the customer environment.
  • Set the tuning strategy for use cases, correlation rules, and alert logic to raise fidelity and reduce noise across the SOC; the Tier III analyst implements the changes.

Automation & Scripting

  • Working knowledge of scripting (Python, PowerShell, or Bash) for automation, log parsing, and workflow integration — able to read and modify scripts to direct SOC automation.
  • Champion automation that cuts manual analyst burden, improves detection fidelity, and accelerates response, directing the Tier III analyst on implementation.

Team Leadership & SOC Management

  • Lead, supervise, and develop the Tier I–III team; manage shift scheduling, performance expectations, and career development — using the SOC Analyst, Tier III as the senior execution arm for the Manager's technical vision.
  • Own SOC SLA compliance and performance reporting; deliver operational metrics, trend analysis, and executive briefings to program leadership and the customer.
  • Serve as the primary customer interface; manage expectations, communicate incident status, and build trusted relationships with VITA stakeholders.
  • Drive continuous improvement across processes, runbooks, and playbooks; run post-incident retrospectives and apply lessons learned.

SOC Architecture & Continuous Improvement

  • Keep a finger on the pulse of the industry — continuously assess tools, platforms, and techniques for technical fit, and recommend what to integrate, replace, or retire across the detection and response stack.
  • Define the target-state SOC architecture — detection pipeline, data model, and automation fabric — and set the engineering standards the Tier III analyst executes against.
  • Partner with the Operations Manager on SOC strategy, contributing the technical and architectural perspective to shared strategic decisions rather than setting direction unilaterally.
  • Drive improvement by design: higher detection fidelity and performance, cleaner reporting, fewer manual errors, lower tooling and compute cost, and a stronger security posture.
  • Evaluate and prototype new capabilities before production; make build-vs-buy and integrate-vs-replace calls grounded in hands-on assessment.
  • Raise the team's engineering bar, mentoring analysts toward detection-engineering practices with the Tier III analyst as senior builder.


Required Qualifications

  • Education: BA/BS or equivalent
  • Experience: 5+ years of experience required in cybersecurity operations, including demonstrated supervisory or team-lead experience in a SOC environment. 8+ years of experience strongly preferred.
  • Splunk: Advanced SPL, dashboard development, automated alerting, and correlation-search creation in an operational SOC.
  • Tenable and CrowdStrike: Native data experience and interpretation skills, correlation with other data, and understanding of the integration with Splunk data and dashboards.
  • Must possess or be able to obtain within six months of start two of the following certifications to meet DoD 8140/DCWF CSSP Analyst requirements: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+.

Security Clearance Level: Must be able to pass a background check to obtain a position of Public Trust.

Location: On-site at GDIT's Integrated Technology Center in Bossier City, LA.


GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.


● Growth: AI-powered career tool that identifies career steps and learning opportunities
● Support: An internal mobility team focused on helping you achieve your career goals
● Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
● Flexibility: Full-flex work week to own your priorities at work and at home
● Community: Award-winning culture of innovation and a military-friendly workplace

OWN YOUR OPPORTUNITY
Explore a career in cyber at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.

#GDITLA 

Work Requirements

Years of Experience

5 + years of related experience

* may vary based on technical training, certification(s), or degree

Certification

Certified CyberSec First Responder (CFR) | CertNexus - CertNexus

Certified Ethical Hacker (CEH) | EC-Council - EC-Council

CompTIA PenTest+ CE | CompTIA - CompTIA

Cisco Certified Network Professional (CCNP) Security | Cisco - Cisco

CompTIA Cybersecurity Analyst+ CE (CySA+) | CompTIA - CompTIA

Travel Required

Less than 10%

Salary and Benefit Information

The likely salary range for this position is $136,000 - $184,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
View information about benefits and our total rewards program.

Our Identity Verification Process

As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes.

About Our Work

We are GDIT. A global technology and professional services company that delivers technology solutions and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50+ countries worldwide, offering leading mission-ready capabilities in AI, cloud, cyber and software development.

Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans