SOC Manager

Valiant Solutions is seeking a SOC Manager to join our rapidly growing and innovative cybersecurity team!

The SOC Manager leads the daily operations of the Security Operations Center and owns the end-to-end incident response mission for the client enterprise. This role directs Tier 1, Tier 2, and Tier 3 analysts across a 24x7x365 coverage model, sets the shift schedule, and ensures the SOC has the people, procedures, and tools in place to triage alerts. The SOC Manager owns the SOC documentation, including Standard Operating Procedures, Playbooks, and the Concept of Operations, and ensures that every incident is handled in compliance with NIST SP 800-61 and client incident-response SOPs. The SOC Manager coordinates containment, eradication, and recovery actions across SOC, engineering, and partner SOC teams, manages the SIEM notable events dashboard, and maintains the partner and Cloud Service Provider call tree that drives stakeholder notification during an incident.

Named one of the Best Places to Work in the Washington DC area for 12 consecutive years, Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!

Location: The SOC Manager will primarily work remotely but should be prepared to report on-site in the Washington, DC Metro area as needed. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below. 

Eligibility Requirements: U.S. Citizenship is required due to federal contract obligations, along with the ability to successfully pass a federal background investigation.

Required Experience:

• 8+ years of Information Technology experience, with at least four years dedicated to incident response.
• At least one of the following certifications: GCIH, GCFA, or GREM. Equivalent industry incident response certifications, such as CISSP, CISM, or CySA+, MAY be considered.
• Experience with SIEM, SOAR, EDR, CDM, and malware analysis.
• Demonstrated experience managing a Security Operations Center, including overseeing complex systems, multi-tier analyst teams, and 24x7x365 coverage models.
• Hands-on experience with SIEM, SOAR, and EDR platforms, including building and tuning notable event dashboards, correlation content, and automated response playbooks.
• Experience with Continuous Diagnostics and Mitigation (CDM) data feeds and the integration of CDM telemetry into SIEM for centralized visibility.
• Working knowledge of malware analysis workflows, including triage, sandbox detonation, and coordination with Tier 3 reverse engineering resources.
• Strong working knowledge of enterprise operating systems (Windows, Linux) and networking concepts, including TCP/IP, DNS, routing, firewalls, and proxy architectures.
• Hands-on experience with AWS native services and tools, including CloudTrail, GuardDuty, Security Hub, VPC Flow Logs, and IAM, in support of cloud incident detection and response.
• Working knowledge of NIST SP 800-61 (Computer Security Incident Handling Guide) and the ability to align SOC operations and reporting to its four-phase model.
• Familiarity with the MITRE ATT&CK framework and experience applying it to detection coverage assessments and post-incident reviews.
• Experience building and maintaining shift schedules, call trees, and stakeholder notification procedures that meet contractual notification timelines.
• Experience leading post-incident reviews, root cause analysis, and lessons-learned sessions, and translating findings into updated SOPs and playbooks.
• Strong written and verbal communication skills, including the ability to brief incident 
• Required to obtain and maintain a Non-Sensitive / High Risk (Public Trust) security clearance at the Tier 4/6c level.
• Must be available to support 24x7x365 SOC coverage, including on-call response and on-site presence at client Headquarters in Washington, DC as needed.

Responsibilities:

• Manage daily SOC activities, including building and maintaining shift schedules that sustain 24x7x365 coverage and ensure adequate staffing across Tier 1, Tier 2, and Tier 3 functions.
• Maintain all SOC documentation, including Standard Operating Procedures, Playbooks, and the SOC Concept of Operations, reviewing and updating them on the cadence required by the client SOC CONOPS.
• Manage Tier 1, Tier 2, and Tier 3 incident response operations, including alert triage, escalation, in-depth analysis, and advanced forensics.
• Coordinate containment, eradication, and recovery activities across SOC analysts, engineering teams, system owners, and partner SOCs.
• Lead post-incident reviews and root cause analysis sessions, document findings, and translate lessons learned into updates to playbooks, detection content, and SOPs.
• Ensure all incident response activities comply with NIST SP 800-61 and client incident response SOPs, and that reporting timelines are met.
• Manage the SIEM notable events dashboard, including reviewing detection coverage, false-positive rates, and analyst workload, and direct tuning activities to improve signal quality.
• Maintain the shift coverage schedule and ensure handoff procedures preserve situational awareness across rotations.
• Maintain the SOC call tree, including contact information for all partner organizations, Cloud Service Providers, and client stakeholders, and validate the call tree at least quarterly.
• Serve as the primary escalation point for high-severity incidents and lead cross-team coordination during active response.
• Track and report SOC performance metrics, including mean time to detect, mean time to respond, ticket volume by tier, and escalation rates, and present them to client SOC leadership.
• Coordinate with the Cyber Threat Intelligence and Cyber Hunt teams to incorporate new threat indicators and detection logic into SOC operations.
• Support inter-agency threat intelligence exchanges and partner SOC collaboration to align client response activities with national cybersecurity priorities.
• Develop and deliver training and knowledge transfer for SOC analysts on new SOPs, playbooks, tools, and detection content.
• Participate in the Engineering Review Board, Change Control Board, and other client governance reviews for SOC-related changes.
• Stay current on emerging adversary tactics, techniques, and procedures, and recommend improvements to the client's detection and response posture.

About Valiant Solutions

Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skill set. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

Benefits Snapshot (includes, but not limited to)
Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees
Valiant contributes 25% towards Health Coverage for Family and Dependents
100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees
100% Paid Certifications
401K Matching up to 4%
Paid Time Off
Paid Federal Holidays
Wellness & Fitness Program
Valiant University – Online Education and Training Portal
FSA programs for: Medical Costs, Dependent Care, Transit, and Parking
Referral Bonuses

Remote Work Policy 

Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that align with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and can be required to be on during virtual video conferences. Additionally, in alignment with the Office of the Inspector General’s effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current activities or intent to engage in outside employment or other professional activities and obtain written approval.  Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients.

Equal Employment Opportunity

Valiant Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, marital status, or veteran status, in accordance with applicable law.

Physical Demands

Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Authorization to Share Resume and Personal Information

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as, personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.

#LI-JM1