Everforth ECS is seeking an Incident Detection/Response Manager (SOC Manager) who lives in close proximity to the National Capital Region (NCR) to join a premier, enterprise-scale cybersecurity program supporting a major federal civilian agency.
Please Note: This position is contingent upon contract award.
Salary Range: $140,000 - $160,000
This flagship initiative unifies 24x7x365 Security Operations (SOC), proactive threat hunting, and advanced Security Engineering and Architecture into a cohesive defensive mission. As a key leader on this program, you will drive the protection of highly sensitive, national-level financial, and personally identifiable information (PII). You will be at the forefront of modernizing the agency's cyber posture, implementing advanced automation, and ensuring continuous operational resilience across a massive, highly complex federal IT enterprise.
As the Incident Detection/Response Manager, you will serve as the operational commander of a high-performing, around-the-clock Security Operations Center supporting a major federal civilian agency. You will direct Tier I, II, and III incident response operations, ensuring rapid detection, containment, and recovery across a large-scale federal IT enterprise. Working closely with threat hunting teams, security engineers, agency stakeholders, and external service providers, you will lead the SOC's day-to-day operations while driving continuous improvement in detection capabilities, response procedures, and overall security posture. When incidents occur, you become the incident commander, orchestrating response from the moment a threat is detected through containment, eradication, and recovery.
Position Responsibilities:
- Manage SOC daily activities, including building and maintaining shift schedules and ensuring all documentation, including SOPs, Playbooks, and CONOPS, are current.
- Manage Tier I, II, and III incident response operations across the federal enterprise, ensuring consistent, high-quality response at every level.
- Coordinate containment, eradication, and recovery activities during active security incidents, serving as the primary incident commander and coordinating between the SOC team, IT operations, and relevant stakeholders.
- Lead post-incident reviews and root cause analysis to identify lessons learned and drive continuous improvement in SOC processes and detection capabilities.
- Ensure compliance with NIST SP 800-61 and federal incident response standard operating procedures across all SOC operations.
- Manage SIEM event "notables" dashboards, ensuring timely triage, escalation, and resolution of security alerts.
- Maintain the SOC coverage schedule per shift to ensure 24x7x365 operational readiness.
- Maintain the call tree, including current contact information for all partner organizations and Cloud Service Providers (CSPs).
- Apply MITRE ATT&CK framework to map attacker tactics, techniques, and procedures (TTPs) during investigations and incident response activities.
- Encourage team collaboration by fostering a positive team culture, managing workloads effectively, and supporting professional development.
- Collaborate with threat hunting, CTI, engineering, and architecture teams to ensure SOC operations are informed by the latest threat intelligence and detection capabilities.
- Present incident findings, risk recommendations, and SOC performance metrics to both technical teams and senior government officials in a clear, actionable format.
Support the development and continuous improvement of a comprehensive enterprise information security program grounded in the latest laws, regulations, and industry best practices.
Preferred Qualifications- U.S. Citizenship required.
- 8+ years of IT experience, with 4+ years of dedicated incident response and SOC operations experience.
- Remote but within close proximity to the NCR.
- Active Public Trust 6c clearance, or the ability to obtain and maintain one.
- At least one of the following certifications: GCIH, GCFA, GREM, or equivalent.
- Hands-on experience with SIEM, SOAR, EDR, CDM, and malware analysis tools and platforms.
- Strong experience with operating systems and networking fundamentals, including log analysis, traffic analysis, and endpoint forensics.
- Experience with AWS native services and tools in a federal or enterprise cloud environment.
- Demonstrated experience managing a SOC overseeing complex, large-scale federal or enterprise IT systems.
- Strong command of incident response frameworks including NIST SP 800-61, SANS PICERL, and MITRE ATT&CK.
- Practical malware analysis fundamentals, including static analysis, sandboxing, and Indicator of Compromise (IoC) extraction.
- Experience with SOAR platforms to automate repetitive elements of incident response and improve analyst efficiency.
- Proven ability to translate complex technical findings into clear, actionable language for both technical and executive audiences.
- Strong written and verbal communication skills, with a track record of producing high-quality federal security documentation.
Skills Required
- U.S. Citizenship
- 8+ years IT experience with 4+ years dedicated incident response and SOC operations experience
- Active Public Trust (6c) clearance or ability to obtain and maintain one
- At least one certification: GCIH, GCFA, GREM, or equivalent
- Hands-on experience with SIEM, SOAR, EDR, CDM, and malware analysis tools
- Strong operating systems and networking fundamentals, including log and traffic analysis and endpoint forensics
- Experience with AWS native services and tools in a federal or enterprise cloud environment
- Demonstrated experience managing a SOC for large-scale federal or enterprise IT systems
- Command of incident response frameworks (NIST SP 800-61, SANS PICERL, MITRE ATT&CK)
- Practical malware analysis fundamentals (static analysis, sandboxing, IoC extraction)
- Experience using SOAR platforms to automate incident response workflows
- Proven ability to translate technical findings for technical and executive audiences
- Strong written and verbal communication skills and federal security documentation experience
- Remote but within close proximity to the National Capital Region (NCR)
ECS Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about ECS and has not been reviewed or approved by ECS.
-
Healthcare Strength — ECS advertises multiple national-network medical plan options with HSA eligibility alongside dental and vision coverage. Coverage generally begins quickly and is paired with company-paid short- and long-term disability, adding stability to the health package.
-
Retirement Support — A 401(k) with Safe Harbor and immediate vesting on employer contributions is emphasized, with an employer match available. Access to an employee stock purchase plan via the parent company provides an additional savings avenue.
-
Parental & Family Support — Paid parental leave up to 30 days, adoption assistance, and other family-oriented leaves are highlighted. Feedback suggests these offerings add meaningful value beyond base pay for many roles.
ECS Insights
What We Do
ECS, a segment of ASGN (NYSE: ASGN), delivers advanced solutions and services in cloud, cybersecurity, artificial intelligence (AI), machine learning (ML), application and IT modernization, and science and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence and commercial industries. ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ECS has more than 3,400 employees throughout the U.S. and has been recognized as a Top Workplace by The Washington Post for the last five years.







