Type of Requisition:Regular
Clearance Level Must Currently Possess:None
Clearance Level Must Be Able to Obtain:None
Public Trust/Other Required:Other
Job Family:Cyber and IT Risk Management
Job Qualifications:Skills:Information Security Operations, IT Leadership, Security Monitoring Operations, Security Operations, Splunk Administration
Certifications:None
Experience:5 + years of related experience
US Citizenship Required:No
Job Description:As the
Cyber Security SOC Manager supporting VITA, this leader is the technical driver of the SOC's day-to-day operations and detection posture - architecting how the operation detects, responds, and improves, and keeping a finger on the pulse of the industry to know which tools and practices to integrate, replace, or retire.
This role partners with the Operations Manager on the SOC's broader strategic direction; the
SOC Manager brings the technical and architectural point of view to that partnership rather than setting strategy unilaterally. They lead the Tier I-III analyst team and are accountable for team performance, shift coverage, analyst development, and SLA compliance. They partner with an embedded SOC Analyst, Tier III, as their senior execution arm, building against the standards and architecture the
SOC Manager defines.
Deep hands-on command of Splunk is required, with strong working knowledge of Tenable and CrowdStrike used to design the SOC's detection pipeline, data model, and automation fabric. The
SOC Manager is the senior escalation point for complex incidents and a credible customer interface - customer-facing, but grounded in technical authority rather than sales. Above all, this role drives measurable improvement: better performance, better reporting, fewer errors, lower cost where possible, and a more secure environment.
SOC Operations & Incident Response- Serve as senior escalation authority for complex, high-severity incidents; oversee containment and remediation, and ensure documentation and customer communication throughout the incident lifecycle.
- Provide expertise with IOCs, TTPs, threat hunting, and threat intelligence; own customer-facing escalation and remediation.
- Ensure the team recognizes intrusion attempts and triages, prioritizes, and escalates incidents per established runbooks.
- Ensure detection of the full spectrum of known attacks (DDoS, malware, phishing, ransomware, and others) and correlation of events across capabilities.
- Ensure malware analysis is reviewed and correlated across incidents, and that malicious activity is documented and reported with clear remediation recommendations.
Splunk & Detection - Manager Directs, Tier III Executes- Set the standards, priorities, and design for Splunk dashboards, reports, correlation searches, and alert actions that give analysts and leadership visibility into threat activity, SOC performance, and incident trends - the SOC Analyst, Tier III executes the build and maintenance.
- Direct automated detection and correlation content that reduces analyst workload, cuts false positives, and speeds response to high-priority threats.
- Oversee SPL searches, scheduled reports, and lookup-driven workflows; guide scripting (Python, PowerShell) that extends Splunk and supports automation.
- Retain hands-on fluency in Splunk and CyberArk sufficient to direct the work credibly, validate quality, and step in when needed.
Detection Tuning & Compliance Alignment- Align detections and logging with frameworks and controls: NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX as applicable to the customer environment.
- Set the tuning strategy for use cases, correlation rules, and alert logic to raise fidelity and reduce noise across the SOC; the Tier III analyst implements the changes.
Automation & Scripting- Working knowledge of scripting (Python, PowerShell, or Bash) for automation, log parsing, and workflow integration - able to read and modify scripts to direct SOC automation.
- Champion automation that cuts manual analyst burden, improves detection fidelity, and accelerates response, directing the Tier III analyst on implementation.
Team Leadership & SOC Management- Lead, supervise, and develop the Tier I-III team; manage shift scheduling, performance expectations, and career development - using the SOC Analyst, Tier III as the senior execution arm for the Manager's technical vision.
- Own SOC SLA compliance and performance reporting; deliver operational metrics, trend analysis, and executive briefings to program leadership and the customer.
- Serve as the primary customer interface; manage expectations, communicate incident status, and build trusted relationships with VITA stakeholders.
- Drive continuous improvement across processes, runbooks, and playbooks; run post-incident retrospectives and apply lessons learned.
SOC Architecture & Continuous Improvement- Keep a finger on the pulse of the industry - continuously assess tools, platforms, and techniques for technical fit, and recommend what to integrate, replace, or retire across the detection and response stack.
- Define the target-state SOC architecture - detection pipeline, data model, and automation fabric - and set the engineering standards the Tier III analyst executes against.
- Partner with the Operations Manager on SOC strategy, contributing the technical and architectural perspective to shared strategic decisions rather than setting direction unilaterally.
- Drive improvement by design: higher detection fidelity and performance, cleaner reporting, fewer manual errors, lower tooling and compute cost, and a stronger security posture.
- Evaluate and prototype new capabilities before production; make build-vs-buy and integrate-vs-replace calls grounded in hands-on assessment.
- Raise the team's engineering bar, mentoring analysts toward detection-engineering practices with the Tier III analyst as senior builder.
Required Qualifications- Education: BA/BS or equivalent
- Experience: 5+ years of experience required in cybersecurity operations, including demonstrated supervisory or team-lead experience in a SOC environment. 8+ years of experience strongly preferred.
- Splunk: Advanced SPL, dashboard development, automated alerting, and correlation-search creation in an operational SOC.
- Tenable and CrowdStrike: Native data experience and interpretation skills, correlation with other data, and understanding of the integration with Splunk data and dashboards.
- Must possess or be able to obtain within six months of start two of the following certifications to meet DoD 8140/DCWF CSSP Analyst requirements: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+.
Security Clearance Level: Must be able to pass a background check to obtain a position of Public Trust.
Location: On-site at GDIT's Integrated Technology Center in Bossier City, LA.
The likely salary range for this position is $136,000 - $184,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours:
40
Travel Required:
Less than 10%
Telecommuting Options:
Onsite
Work Location:
USA LA Bossier City
Additional Work Locations:
Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.
Our Identity Verification Process:
As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes.