SOC Lead

Apavo Corporation


Job Location: Arlington, TX - USA

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

Job Title: SOC Lead

Location: Arlington VA

Department: Cyber Security Services

Reports To: Management

FLSA Status: Full Time/Non-exempt


Description:

Apavo is at the forefront of cybersecurity, providing services to the military, defense and critical infrastructure industries. Joining the Apavo team means becoming part of a company rooted in the principles of quality and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to a work-life balance and to fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive environment, Apavo is the place for you.


Job Purpose:


The SOC Lead is responsible for the strategic direction, daily management and operational excellence of the Security Operations Center (SOC) supporting the Multi-Network Support Services (MNSS) contract. This role provides oversight across five classification levels spanning 14 distinct network enclaves, encompassing both unclassified and classified environments. The SOC Lead serves as the senior leader for Tier 1, Tier 2 and Tier 3 SOC analysts, driving a unified, mission-focused security operations capability that protects the most critical IT infrastructure and data assets.


In this role, the SOC Lead is responsible for building and sustaining a high-performing analyst workforce, establishing and refining SOC processes, and ensuring continuous monitoring, detection and response operations across all assigned enclaves. The SOC Lead serves as the primary point of escalation for complex incidents, coordinates with ISSMs, ISSOs, system owners and government stakeholders, and ensures that all SOC activities align with federal cybersecurity standards, mission requirements and contract obligations. This is a leadership-first role requiring both deep technical expertise and the ability to develop, mentor and inspire a multi-tiered analyst team.


Duties & Responsibilities:


SOC Lead responsibilities include but are not limited to:

SOC Operations & Oversight:

  • Provide day-to-day leadership and oversight of SOC operations across five classification levels and 14 network enclaves, ensuring continuous 24/7 monitoring coverage and operational readiness.
  • Serve as the senior escalation point for Tier 1, Tier 2 and Tier 3 analyst teams, providing expert guidance on complex threats, incidents and investigations.
  • Establish, document and enforce SOC standard operating procedures (SOPs), playbooks and escalation workflows across all classification levels.
  • Monitor SOC performance metrics and KPIs, including mean time to detect (MTTD), mean time to respond (MTTR), alert fidelity and analyst throughput.
  • Manage shift schedules, workload distribution and surge capacity to maintain operational coverage across all enclaves.
  • Oversee and validate SIEM tuning, alert logic and detection rule development to reduce false positives and improve detection fidelity across enclave environments.
  • Coordinate with SOAR engineers to develop and refine automated response playbooks that align with multi-enclave operational requirements.

Incident Response & Threat Management:

  • Lead the SOC's incident response capability, ensuring rapid triage, containment, eradication and recovery across affected enclaves.
  • Serve as incident commander for high-severity and cross-enclave security events, coordinating response actions with ISSMs, ISSOs, system owners and government leadership.
  • Oversee threat hunting activities conducted by Tier 3 analysts, ensuring proactive identification of advanced persistent threats (APTs) and insider threats across classified and unclassified networks.
  • Ensure timely and accurate incident reporting in accordance with DoD and IC reporting requirements.
  • Conduct post-incident reviews and lessons-learned sessions to drive continuous improvement of detection and response capabilities.

Team Leadership & Development:

  • Directly supervise and mentor Tier 1, Tier 2 and Tier 3 SOC analysts, fostering a culture of continuous learning, mission focus and professional growth.
  • Conduct performance evaluations, establish individual development plans, and identify training and certification opportunities for all analyst tiers.
  • Lead hiring efforts for SOC analyst positions in coordination with HR and program leadership.
  • Facilitate regular team meetings, knowledge-sharing sessions and tabletop exercises to strengthen team cohesion and incident readiness.

Stakeholder Engagement & Reporting:

  • Serve as the primary SOC liaison to government clients, program management, ISSMs and senior leadership, providing regular operational briefings and status updates.
  • Develop and deliver SOC performance reports, trend analysis and executive-level summaries on a weekly, monthly and ad-hoc basis.
  • Collaborate with engineering, ISSO and compliance teams to ensure SOC visibility and detection capabilities align with system ATO boundaries and security control requirements.

Compliance & Continuous Improvement:

  • Ensure all SOC operations comply with applicable federal regulations, DoD directives, IC policies, NIST frameworks and DISA STIGs.
  • Identify gaps in detection coverage, tooling and processes, and develop improvement roadmaps in coordination with program leadership.
  • Stay current on the evolving threat landscape, emerging attack techniques and advancements in security operations to maintain a forward-leaning SOC posture.
  • Other duties as assigned.


The SOC Lead is expected to have additional duties as assigned in support of corporate cybersecurity services. Additional details are reviewed in accordance with company policies.


Other:

This is typical office or administrative work and there is no exposure to adverse environmental conditions.


This position requires sedentary work. Sedentary work is defined as: exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.


Apavo Corporation provides equal employment opportunities to all applicants and employees and strictly prohibits any type of harassment or discrimination in regards to race, religion, age, color, sex, disability status, national origin, genetics, sexual orientation, protected veteran status, gender expression, gender identity or any other characteristic protected under federal, state and/or local laws.

Consistent with the Americans with Disabilities Act (ADA), it is the policy of Apavo Corporation to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. If reasonable accommodation is needed, please contact Apavo Human Resources at or


Employment with Apavo Corporation is on an at-will basis, meaning either you or the Company can terminate the employment relationship at any time, for any or no reason, and with or without cause or notice. As an at-will employee, your employment with Apavo Corporation is not guaranteed for any length of time.



Requirements

Qualifications:

Bachelor's degree in Computer Science, Information Technology, Cybersecurity or a related field; Master's degree preferred.

8 years of professional experience in cybersecurity, with at least 3 years in a SOC leadership or senior analyst role.

Demonstrated experience managing or leading multi-tiered SOC teams (Tier 1-3) in a DoD or IC environment.

Must currently possess an active TS/SCI clearance, with the ability to obtain and maintain a CI polygraph.

IAT Level III or IAM Level II/III certification required (e.g. CISSP, CISM, GSLC, CASP).

One or more of the following preferred: GCIH, GCIA, GCFA, GSOM, GCDA or equivalent incident response/SOC certifications.

Extensive experience with SIEM platforms (e.g. Splunk, QRadar, Microsoft Sentinel) in multi-enclave classified environments.

Experience with SOAR platforms and automated response workflows.

Strong knowledge of DoD and IC network architectures, including cross-domain solutions, classified enclave structures and multi-classification environments.

Deep familiarity with NIST SP 800-61, NIST SP 800-137, CJCSM 6510.01 and other relevant federal incident response and continuous monitoring frameworks.

Proven ability to lead high-stakes incident response operations and communicate effectively with senior government stakeholders.

Experience with threat intelligence platforms, threat hunting methodologies and adversary TTPs (MITRE ATT&CK framework).

Strong written and verbal communication skills; ability to translate complex technical findings into clear executive-level reporting.
