Security Operations Center (SOC) Manager

Armor Defense, Inc.

$100K — $130K *
Plano, TX 75025In-Person
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-8 years of experience in security operations, incident response, or security consulting with leadership experience.
  • Required certifications: GCIH, GCFA, or equivalent; must obtain AZ-500, SC-200, and SC-300 within 12 months.
  • Bachelor's Degree in IT or Cybersecurity preferred; equivalent experience accepted.
  • Proficiency with security tools like EDR/XDR, SIEM, SOAR, and threat intelligence platforms.
  • Strong scripting skills (Python, PowerShell, KQL) for analysis and automation.

Responsibilities

  • Manage and develop a team of Incident Response and Security Operations professionals.
  • Transform the SOC into an agentic security operations center with AI and automation.
  • Oversee security operations, ensuring effective triage and incident response.
  • Serve as an escalation point for high-severity incidents and lead investigations.
  • Collaborate with cross-functional teams on security capabilities and service improvements.

Benefits

  • Hybrid work schedule with in-office presence required three days a week.
  • Opportunities for continuous learning and professional development.
  • Engagement in a culture that values innovation and fresh thinking.
  • Chance to shape the future of cybersecurity at an evolving company.
  • Work in a supportive and collaborative environment fostering teamwork.
Full Job Description
SUMMARY*

Armor is seeking a hands-on Security Operations Center (SOC) Manager to lead our global Security Operations and Incident Response team. This role is responsible for overseeing daily SOC operations, leading incident response activities, mentoring security professionals, and driving continuous improvements in our managed security services.

The ideal candidate is an experienced people leader with a strong technical background in security operations, cloud security, and incident response. This position partners closely with Engineering, Product, and Customer Success to deliver exceptional security outcomes for our customers.

ESSENTIAL DUTIES AND RESPONSIBILITIES (Additional duties may be assigned as required)*

Team Leadership and Development
  • Directly manage a team of Incident Response Consultants and Security Operations professionals, including performance management, career development, regular 1:1s, and goal-setting.
  • Lead the upskilling and rapid professional development of team members, ensuring readiness for evolving security challenges and agentic workflows.
  • Participate in recruiting new team members through a collaborative hiring process, including interviewing, evaluating candidates, and onboarding.
  • Coach and mentor team members on technical skills, customer consultation techniques, and professional growth.
  • Build and maintain a high-performance culture focused on customer outcomes, continuous improvement, and operational excellence.

SOC Transformation and Modernization
  • Lead the transformation of the SOC into a modern agentic security operations center, leveraging AI-augmented workflows and automation to enhance detection, response, and operational efficiency.
  • Drive modernization initiatives across the security operations function, including process optimization, tooling enhancements, and capability development.
  • Work cross-functionally to rapidly operationalize new security capabilities and integrate them into SOC responsibilities (e.g., CSPM, Defender for OT, Purview, and emerging platforms).
  • Collaborate with Armor's engineering team to evaluate, build, and implement emerging technologies, including AI/ML-assisted detection, automated response, and cloud-native security tools.
  • Work with engineering to design and optimize agentic AI processes that maintain human oversight, accountability, and security standards.

Security Operations and Incident Response
  • Oversee SOC triage operations, ensuring adequate coverage, quality, and consistent delivery of security monitoring and alerting services.
  • Serve as a senior escalation point for high-severity incidents, providing hands-on technical leadership through complex investigations and customer engagements.
  • Manage security policy creation and maintenance across multiple platforms (AV, FIM, IDS, NGFW, EDR, WAF, etc.).
  • Oversee security tooling management, ensuring proper configuration, optimization, and operational readiness.
  • Conduct quality reviews of team deliverables, including incident reports, customer recommendations, and detection content.
  • Contribute to incident response playbook development, detection use-case creation, and consultation framework improvements.

Customer Outcomes and Organizational Collaboration
  • Evolve SOC operations to prioritize customer outcomes, including security improvement, risk reduction, security resilience, and compliance achievement.
  • Collaborate with the broader organization to ensure security operations capabilities align with customer needs and business objectives.
  • Partner with Engineering, Product, and Customer Success teams on service improvements and capability development.
  • Monitor and report on team performance, balancing customer outcome metrics with operational efficiency and SLA adherence.
  • Coordinate with international teams to ensure consistency in procedures, escalation handling, and customer experience.

Required Skills
  • Security Operations Leadership
    • 5+ years of experience in Security Operations, Incident Response, or Managed Security Services.
    • Experience leading or managing SOC or Incident Response teams.
  • Security Operations Technologies
    • Hands-on experience with SIEM, EDR/XDR, SOAR, and threat intelligence platforms.
  • Cloud Security
    • Strong understanding of Azure, AWS, or GCP security, including identity, networking, and workload protection.
  • Automation & Detection
    • Experience with Python, PowerShell, or KQL.
    • Experience building detection logic, response automation, or security playbooks.
  • AI-Assisted Security Operations
    • Experience using AI/LLM tools (such as GitHub Copilot, Claude, Microsoft Security Copilot, or equivalent) to improve security operations, detection engineering, incident response, or analyst productivity.
    • Understanding of AI/LLM security risks, including prompt injection, data leakage, hallucinations, and secure use of AI-generated content.
  • People Leadership
    • Experience in coaching, mentoring, hiring, and developing technical teams.
    • Strong communication skills with customers, executives, and cross-functional partners.

Preferred Qualifications
  • Threat hunting and forensic investigations
  • Detection engineering (Sigma, YARA)
  • Compliance frameworks (PCI-DSS, HIPAA, SOC 2)
  • Git and DevSecOps workflows
  • Experience leading distributed/global teams
  • Microsoft Defender, Sentinel, and Defender XDR
  • Relevant certifications (GCIH, GCFA, CISSP, CySA+, AZ-500, SC-200, SC-300)

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually low to moderate. The work environment may be in either an office setting, at the company's data center, at a client location or at an industry trade event.

Similar Jobs

More Jobs at Armor Defense, Inc.

More Information Technology Jobs

Find similar Security Operations Center (SOC) Manager jobs: