A managed security service provider is seeking a SOC Manager to oversee security operations for multiple clients in Gauteng, South Africa. This role involves managing a 24/7 SOC team, customizing threat detection for client environments, and ensuring compliance with security standards. The ideal candidate will have strong technical expertise in SIEM and excellent client communication skills. Relevant certifications such as CISSP or CISM are preferred.
A SOC Manager for a Managed Security Service Provider (MSSP) plays a critical role in overseeing security operations for multiple clients, ensuring threat detection, incident response, and compliance across varied client environments.
This role requires a mix of technical expertise, leadership, and client management skills, since the SOC serves external organizations rather than a single in-house team.
SOC Operations & Team Leadership:
- Manage a 24/7 SOC team (Tier 1, 2, and 3 analysts) across shifts.
- Define and enforce SOPs (Standard Operating Procedures) for monitoring, triage, and escalation.
- Ensure SLAs (Service Level Agreements) are met for clients (e.g., response times, uptime).
- Conduct performance reviews, training, and skill development for analysts.
Client-Focused Security Management:
- Act as the primary security liaison for clients, providing updates on threats, incidents, and recommendations.
- Customize threat detection rules (SIEM tuning) per client environment (e.g., Azure, AWS, on-prem).
- Deliver monthly / quarterly security reports (KPIs, incidents, trends).
- Assist in pre‑sales discussions (explaining SOC capabilities to prospects).
Threat Detection & Incident Response:
- Oversee real‑time monitoring via SIEM (e.g., Splunk, Microsoft Sentinel, LogRhythm).
- Manage major security incidents (ransomware, breaches, insider threats) with cross‑team coordination.
- Implement automated response (SOAR) to improve efficiency (e.g., automated phishing remediation).
- Conduct threat hunting based on client‑specific risks.
Technology & Tooling Management:
- Oversee multi‑tenant SIEM (e.g., SGBox, Splunk ES, Microsoft Sentinel, LogRhythm).
- Manage EDR / XDR, SOAR, and threat intelligence platforms.
- Optimize alert rules to reduce noise and improve detection accuracy.
Client Communication & Reporting:
- Act as the primary escalation point for major security incidents.
- Deliver executive reports on threat trends, incidents, and risk posture.
- Advise clients on security improvements and compliance (e.g., NIST, ISO, POPIA, GDPR).
Continuous Service Improvement:
- Perform threat hunting and proactive vulnerability assessments.
- Refine SOC workflows with automation (SOAR) and AI‑driven analytics.
- Stay updated on emerging threats (ransomware, zero‑days, supply chain attacks).
- Technical Expertise – SIEM, EDR, firewall / IDS / IPS, cloud security (AWS / Azure / GCP).
- MSSP Experience – Managing security for multiple clients with different needs.
- Certifications – CISSP, CISM, GIAC (GCIH, GSOC), CCSP (for cloud security).
- Soft Skills – Strong client communication, SLA management, and leadership.