Everforth ECS is seeking an
Incident Detection/Response Manager (SOC Manager) who lives in close proximity to the
National Capital Region (NCR) to join a premier, enterprise-scale cybersecurity program supporting a major federal civilian agency.
Please Note: This position is contingent upon contract award.Salary Range: $140,000 - $160,000This flagship initiative unifies 24x7x365 Security Operations (SOC), proactive threat hunting, and advanced Security Engineering and Architecture into a cohesive defensive mission. As a key leader on this program, you will drive the protection of highly sensitive, national-level financial, and personally identifiable information (PII). You will be at the forefront of modernizing the agency's cyber posture, implementing advanced automation, and ensuring continuous operational resilience across a massive, highly complex federal IT enterprise.
As the Incident Detection/Response Manager, you will serve as the operational commander of a high-performing, around-the-clock Security Operations Center supporting a major federal civilian agency. You will direct Tier I, II, and III incident response operations, ensuring rapid detection, containment, and recovery across a large-scale federal IT enterprise. Working closely with threat hunting teams, security engineers, agency stakeholders, and external service providers, you will lead the SOC's day-to-day operations while driving continuous improvement in detection capabilities, response procedures, and overall security posture. When incidents occur, you become the incident commander, orchestrating response from the moment a threat is detected through containment, eradication, and recovery.
Position Responsibilities:- Manage SOC daily activities, including building and maintaining shift schedules and ensuring all documentation, including SOPs, Playbooks, and CONOPS, are current.
- Manage Tier I, II, and III incident response operations across the federal enterprise, ensuring consistent, high-quality response at every level.
- Coordinate containment, eradication, and recovery activities during active security incidents, serving as the primary incident commander and coordinating between the SOC team, IT operations, and relevant stakeholders.
- Lead post-incident reviews and root cause analysis to identify lessons learned and drive continuous improvement in SOC processes and detection capabilities.
- Ensure compliance with NIST SP 800-61 and federal incident response standard operating procedures across all SOC operations.
- Manage SIEM event "notables" dashboards, ensuring timely triage, escalation, and resolution of security alerts.
- Maintain the SOC coverage schedule per shift to ensure 24x7x365 operational readiness.
- Maintain the call tree, including current contact information for all partner organizations and Cloud Service Providers (CSPs).
- Apply MITRE ATT&CK framework to map attacker tactics, techniques, and procedures (TTPs) during investigations and incident response activities.
- Encourage team collaboration by fostering a positive team culture, managing workloads effectively, and supporting professional development.
- Collaborate with threat hunting, CTI, engineering, and architecture teams to ensure SOC operations are informed by the latest threat intelligence and detection capabilities.
- Present incident findings, risk recommendations, and SOC performance metrics to both technical teams and senior government officials in a clear, actionable format.
Support the development and continuous improvement of a comprehensive enterprise information security program grounded in the latest laws, regulations, and industry best practices.
- U.S. Citizenship required.
- 8+ years of IT experience, with 4+ years of dedicated incident response and SOC operations experience.
- Remote but within close proximity to the NCR.
- Active Public Trust 6c clearance, or the ability to obtain and maintain one.
- At least one of the following certifications: GCIH, GCFA, GREM, or equivalent.
- Hands-on experience with SIEM, SOAR, EDR, CDM, and malware analysis tools and platforms.
- Strong experience with operating systems and networking fundamentals, including log analysis, traffic analysis, and endpoint forensics.
- Experience with AWS native services and tools in a federal or enterprise cloud environment.
- Demonstrated experience managing a SOC overseeing complex, large-scale federal or enterprise IT systems.
- Strong command of incident response frameworks including NIST SP 800-61, SANS PICERL, and MITRE ATT&CK.
- Practical malware analysis fundamentals, including static analysis, sandboxing, and Indicator of Compromise (IoC) extraction.
- Experience with SOAR platforms to automate repetitive elements of incident response and improve analyst efficiency.
- Proven ability to translate complex technical findings into clear, actionable language for both technical and executive audiences.
- Strong written and verbal communication skills, with a track record of producing high-quality federal security documentation.