Security Operations Center; SOC Lead

Overview

Security Operations Center (SOC) Lead — Falls Church, Virginia. Full-time.

Important Notice: This position is contingent upon contract award.

Summary: SOC Leads manage daily security operations for assigned networks providing 24/7 security monitoring, incident detection and response. This role coordinates incident response activities, oversees SOC analysts, tunes SIEM detection rules, coordinates with other cybersecurity teams, and serves as primary escalation point for security incidents.

• Manage SOC operations ensuring 24/7 security monitoring.
• Oversee 3-8 SOC analysts across multiple shifts.
• Lead investigation and response for 30-100 security incidents monthly.
• Coordinate major incident response requiring multiple teams.
• Manage SIEM platform (Splunk, ELK, or other) for assigned network.
• Develop and tune 50-200 SIEM detection rules.
• Create 30-80 security use cases for threat detection.
• Review and triage 1,000-5,000 daily security alerts.
• Lead proactive threat hunting activities.

• Daily Alerts: 10, reviewed across team.
• Incidents Managed: 30-100 monthly.
• Team Management: 3-8 SOC analysts.
• SIEM Rules: 50-200 maintained and tuned.
• Use Cases: 30-80 security detection use cases.
• Major Incidents: 3-10 annually requiring complex coordination.
• Monthly Reports: SOC operations and incident metrics.

• Clearance:
  Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS) based on network assignment.
• Education:
  
  Bachelor's Degree in Information Technology, Cybersecurity, Computer Science, or related field.
• Experience:
  
  12+ years cybersecurity operations; 5+ years SOC leadership
• Certifications:
  
  IAM-II Level required (CAP, CASP+ CE, CISM, CISSP or Associate, GSLC, CCISO, or HCISPP).
• Technical Knowledge:
  Expert knowledge of SIEM platforms, incident response, threat hunting, attack frameworks (MITRE ATT&CK), security tools (EDR, NIDS/NIPS, forensics)

Advana is the Department of Defense Chief Digital and Artificial Intelligence Office's (CDAO) enterprise-wide data, analytics, and AI platform. Advana provides DoD military and civilian decision makers with unprecedented access to enterprise data, tools, and capabilities in a secure environment. The platform hosts hundreds of curated applications across logistics, financial management, personnel, health, and other domains, accelerating decision advantage through accessible, actionable data and AI capabilities.

This position supports comprehensive cybersecurity operations for the Advana platform across three classified networks (NIPR, SIPR, JWICS).

• This position is contingent upon contract award.
• Start date will be determined upon contract award.
• We will maintain contact with selected candidates throughout the award process.

• U.S. Citizen required.
• Clearance varies by network:
  Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS).
• On-premises work required at Suffolk Building, Falls Church, VA.
• No remote work options available.
• Standard business hours with operational flexibility.

• 4 Weeks Paid Time Off.
• All Federal Holiday’s Paid Vacation.
• Four Percent Matching 401K.
• Full health/vision/dental benefits for the employee and family paid 100% by ZTI Solutions, LLC.

We thank all applicants for their interest. Only candidates selected for interviews will be contacted.