Job Description
Company: K&A Technologies LLC
Location: Washington, US
Company Description
K&A Technologies LLC is a small business dedicated to providing top-tier cybersecurity and mission IT support for federal customers. We specialize in enhancing cyber defense operations, improving security visibility, and supporting critical technology environments. Our services range from SOC operations and incident response coordination to risk management and IT operational support, underpinned by practical technical expertise and a mission-focused approach.
Committed to reliability and quality, we help government clients protect their systems, optimize performance, and meet evolving cybersecurity requirements.
Position Overview
K&A Technologies LLC is seeking a Resource Manager to support a 24/7 Security Operations Center.
The Resource Manager will oversee SOC analysts, support alert triage and escalation, review incident reports for quality and completeness, and help ensure cyber events are investigated, documented, and resolved in accordance with operational requirements.
This role requires a strong technical SOC background, hands-on experience with Splunk/SPL, and the ability to lead analysts through security investigations while maintaining high standards for accuracy, timeliness, and reporting quality.
Key Responsibilities
Lead and oversee SOC analyst activity during assigned shift coverage.
Review security alerts, analyst investigations, incident reports, incident narratives, and escalation documentation for quality and completeness.
Ensure alerts are triaged, documented, escalated, and dispositioned within required timelines.
Validate analyst findings using Splunk/SPL, endpoint telemetry, authentication logs, firewall logs, email security tools, EDR data, and other security platforms.
Support investigations involving malware alerts, suspicious network traffic, anomalous authentication, endpoint activity, phishing, suspicious files, domains, IPs, and user activity.
Ensure analysts document alert origin, detection context, scope, affected hosts/users, supporting evidence, defensive actions, and recommended next steps.
Conduct quality control reviews to identify gaps in analysis, missed evidence, incomplete timelines, weak conclusions, and repeat reporting issues.
Provide coaching, feedback, and mentoring to SOC analysts to improve investigative depth, documentation quality, and operational consistency.
Coordinate shift handoffs, pass-downs, open actions, and escalations to ensure continuity of operations.
Support incident response coordination, including escalation to senior technical staff, incident handlers, or leadership as required.
Track operational workload, analyst performance, ticket queues, and aging items to ensure no critical work is missed.
Contribute to SOP development, process improvement, training material, analyst checklists, and reporting standards.
Assist with root cause documentation, response summaries, recovery summaries, and leadership-level reporting when required.
Identify recurring detection, process, or analyst performance issues and recommend corrective actions.
Required Qualifications
U.S. citizenship required.
Ability to obtain and maintain required federal suitability or public trust eligibility.
Experience working in a SOC, cyber defense, incident response, or security monitoring environment.
Strong hands-on experience with Splunk and SPL for alert validation, log review, correlation, and investigation support.
Experience reviewing and interpreting security logs from Windows, Linux, firewall, IDS/IPS, EDR, email security, authentication, DNS, proxy, and network telemetry sources.
Ability to lead analysts in triage, investigation, escalation, and documentation of cybersecurity events.
Strong understanding of common attack techniques, malware behavior, phishing, suspicious process activity, command-line analysis, authentication anomalies, and network indicators.
Familiarity with MITRE ATT&CK, NIST incident response concepts, and SOC operational workflows.
Ability to assess whether an alert is a true positive, benign positive, false positive, or requires further escalation.
Strong technical writing skills, including the ability to produce and review clear incident narratives, investigative summaries, root cause analysis, and recommended actions.
Ability to identify documentation gaps, weak analysis, unsupported conclusions, and incomplete evidence.
Strong communication skills and ability to brief leadership, technical teams, and shift personnel.
Ability to work in a fast-paced environment with strict timelines and multiple concurrent investigations.
Willingness to support shift-based SOC operations, including evenings, nights, weekends, or holidays as required.
Prefe
Source: BeBee