SOC MANAGER

The State Personnel System is an E-Verify employer. For more information click on our E-Verify Website.

The SOC Manager provides strategic and operational leadership for the State’s Security Operations Center, overseeing two analyst teams that perform enterprise-wide cyber threat intelligence (CTI), threat monitoring, and incident response (IR) functions. The SOC Manager ensures operational coverage, analytic consistency, and effective coordination across the enterprise to detect, analyze, and respond to cybersecurity threats affecting state and local government systems.

This position manages SOC staff scheduling, directs operations, validates detection efficacy, and ensures the timely production of reports, key performance indicators (KPIs), and situational awareness deliverables. The SOC Manager works closely with Engineering, Enterprise Architecture, and other cybersecurity units to strengthen detection capabilities, refine operational processes, and drive continuous maturity improvements across the SOC program.

The SOC Manager is expected to possess and demonstrate hands‑on technical expertise in security operations. This role requires the ability to independently analyze alerts, validate detections, guide investigations, and make informed technical decisions during active incidents. The SOC Manager must be capable of leading analysts by technical example, reviewing analytic work products for accuracy and quality, and directly engaging with SOC tooling, telemetry, and workflows when required.

• Provide technical leadership for SOC operations by reviewing, validating, and, when necessary, personally conducting advanced alert triage, incident investigation, and threat analysis activities. The SOC Manager must be able to step into analyst or team lead functions during high‑impact incidents or staffing gaps.
• Provide leadership and direction to SOC Team Leads and Analysts, ensuring effective execution of cyber threat intelligence and incident response operations, and related cybersecurity analytical functions.
• Manage schedules and shift rotations to maintain expected SOC coverage levels.
• Oversee daily operations, workload balance, and coordination between SOC teams to ensure unified execution of operational, project, and improvement responsibilities.
• Supervise the performance and professional development of SOC personnel through coaching, mentoring, and structured feedback.
• Serve as the SOC escalation point for critical incidents and analytic or operational issues requiring management intervention.
• Collaborate with the Deputy State CISO and other security leaders to align SOC operations with broader cybersecurity strategy and enterprise risk priorities, including workforce planning to ensure sustained operational readiness and continuity of expertise.

• Demonstrate working knowledge of SOC technologies by actively validating telemetry ingestion, detection fidelity, alert thresholds, and response workflows across SIEM, SOAR, EDR/XDR, and CTI platforms.
• Ensure SOC processes, reporting activities, and escalation procedures comply with applicable cybersecurity statutes and administrative rules, including s. 282.318, F.S., s. 282.3185, F.S., and Chapter 60GG-2, F.A.C.
• Validate the efficacy of detection and response capabilities across tools, processes, and workflows, including identifying gaps in detection coverage and recommending improvements to enhance enterprise visibility across telemetry and data sources.
• Direct the creation and maintenance of standard operating procedures (SOPs), playbooks, and analytic standards to ensure consistent incident handling and intelligence production.
• Coordinate with Security Engineering and Enterprise Architecture teams to improve detection logic, data integration, and telemetry visibility.
• Ensure timely and accurate recording of information to be used in CSOC performance management.
• Oversee quality assurance and timely production of all SOC outputs, including metrics, threat intelligence products, incident documentation, situational awareness reports, and ad‑hoc reporting.
• Ensure…