Job Description
Company: Healthcare Outcomes Performance Co. (HOPCo)
Location: Phoenix, US
GENERAL STATEMENT OF DUTIES
The Security Operations Center (SOC) Manager is responsible for leading and maturing the organization’s cybersecurity monitoring and incident response capabilities. This role oversees 24/7 security operations, ensures effective detection and response to cyber threats, and drives continuous improvement of security tooling, processes, and analyst performance.
The SOC Manager will lead a team of security analysts and engineers (Tier 1–3), coordinate incident response activities, and partner cross-functionally with Infrastructure, Risk, Compliance, and Executive Leadership to protect enterprise systems, data, and operations. This role provides these services across all contracted and operational markets.
Essential Functions
• Lead the daily operations of the Security Operations Center, including oversight of 24/7 monitoring, triage, and escalation procedures.
• Develop and manage SOC staffing models, shift schedules, and on-call rotations to ensure continuous coverage.
• Establish, maintain, and continuously improve SOC policies, procedures, playbooks, and escalation matrices.
• Define, monitor, and report on SOC performance metrics including Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), alert fidelity, and analyst productivity.
• Oversee investigation and response to security incidents including malware, phishing, ransomware, insider threats, and advanced persistent threats.
• Serve as Incident Commander during high-severity security events, ensuring coordinated response and executive communication.
• Ensure accurate documentation, root cause analysis, and post-incident reporting for all security events.
• Lead cyber readiness exercises and tabletop simulations to improve organizational preparedness.
• Manage and optimize security monitoring technologies including SIEM, SOAR, EDR/XDR, IDS/IPS, and threat intelligence platforms.
• Ensure appropriate log ingestion, correlation rule tuning, and continuous enhancement of detection capabilities.
• Drive automation initiatives to improve response efficiency and reduce manual analyst workload.
• Partner with IT and infrastructure teams to prioritize vulnerability remediation based on risk, exploitability, and business impact.
• Align SOC operations with applicable regulatory and cybersecurity frameworks such as NIST CSF, ISO 27001, and industry-specific requirements.
• Hire, mentor, and develop SOC personnel, establishing career progression paths and conducting performance evaluations.
• Provide regular reporting to senior leadership on threat trends, risk posture, and security operations effectiveness.
• Translate technical findings into clear business risk language for executive and board-level audiences.
• Support internal and external audits, regulatory inquiries, and compliance reporting requirements.
EDUCATION
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience)
• Industry Standard Technical Certifications
• CISSP (preferred)
• CISM (preferred)
• CEH (required)
• Security+ (required)
Experience
• 8+ years of experience in cybersecurity operations.
• 3+ years of experience managing security teams, SOC functions, and multi-market/client environments (MSP).
• Experience leading incident response in enterprise environments.
• Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar).
Requirements
• Strong understanding of threat detection, log analysis, and network security principles.
• Strong interpersonal and communication skills, with the ability to work effectively in a team environment.
• Detail-oriented and highly organized, with the ability to manage multiple projects simultaneously.
• Familiarity with industry standards, regulations, and best practices.
• Willingness to learn and adapt to new technologies and methodologies.
KNOWLEDGE
• SIEM and log management platforms
• EDR/XDR technologies (SentinelOne, Defender, CrowdStrike, KaseyaOne)
• Firewall and IDS/IPS technologies
• Cloud security monitoring (Azure, AWS, GCP)
• Threat intelligence platforms
• Vulnerability management tools (Nessus, Qualys)
• SOAR automation platforms
ENVIRONMENTAL WORKING CONDITIONS
• Standard office environment, most days at computer
• Requires travel, but only on a limited, as-needed basis
PHYSICAL/MENTAL DEMANDS
• Requires sitting and standing associated with a normal office environment.
• Manual dexterity using a calculator and computer keyboard.
Organizational Requirements
• HOPCo Mission, Vision and Values must be acknowledged and adhered to
This description is intended to provide only basic guidelines for meeting job requirements. Responsibilities, knowledge, skills, abilities and working conditions may change as needs evolve.
Source: LinkedIn