Job Family:

Travel Required:

Clearance Required:

What You Will Do:

• Lead day-to-day operations of the Security Operations Center (SOC), ensuring consistent, reliable monitoring, detection, and response to security incidents across the environment.
• Supervise, mentor, and develop SOC analysts and shift leads; manage staffing, scheduling, and escalation procedures for a 24/7 operational model.
• Coordinate incident response activities with internal teams and external partners; drive root cause analysis, post-incident reviews, and continuous improvement of playbooks and runbooks.
• Operate and tune core SOC tooling (SIEM, EDR, SOAR) to improve detection coverage, reduce false positives, and accelerate investigation times.
• Define, collect, and report on SOC performance metrics and KPIs; present operational status and trends to leadership and key stakeholders.
• Partner with threat intelligence, vulnerability management, and engineering teams to operationalize threat indicators and harden systems based on observed threats and vulnerabilities.
• Manage vendor relationships and third-party security monitoring services, ensuring SLAs and deliverables meet organizational requirements.

What You Will Need:

• Minimum of SEVEN (7) years of SOC operations experience; to include specific experience leading SOC operations or security monitoring teams, including hands-on incident response and investigations.
• Strong familiarity with SIEM platforms, endpoint detection and response (EDR) tools, and SOAR workflow automation.
• Demonstrated ability to develop and maintain detection use cases, playbooks, and investigative procedures.
• Experience defining and reporting SOC metrics and KPIs to measure effectiveness and drive operational improvements.
• Excellent written and verbal communication skills with the ability to communicate technical details to non-technical stakeholders and executive leadership.
• Proven leadership skills: coaching, performance management, scheduling for 24/7 operations, and handling escalations under pressure.
• Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent experience in cybersecurity operations.

What Would Be Nice To Have:

• Professional certifications such as CISSP, CISM, or GIAC that demonstrate advanced security knowledge.
• Experience with Splunk, Elastic, QRadar, or other major SIEM technologies and associated tuning/analytics.
• Hands-on experience with cloud-native security tools and environments (AWS, Azure, or GCP).
• Background in healthcare or regulated industries with familiarity with relevant compliance requirements (e.g., HIPAA).
• Scripting or automation skills (Python, PowerShell) to build integrations and automate repetitive operational tasks.
• Experience with threat hunting, MITRE ATT&CK framework application, and proactive detection engineering.

What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

• Medical, Rx, Dental & Vision Insurance

• Personal and Family Sick Time & Company Paid Holidays

• Position may be eligible for a discretionary variable incentive bonus

• Parental Leave and Adoption Assistance

• 401(k) Retirement Plan

• Basic Life & Supplemental Life

• Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts

• Short-Term & Long-Term Disability

• Student Loan PayDown

• Tuition Reimbursement, Personal Development & Learning Opportunities

• Skills Development & Certifications

• Employee Referral Program

• Corporate Sponsored Events & Community Outreach

• Emergency Back-Up Childcare Program

• Mobility Stipend