MDR Manager

Posted 3 Days Ago
Hiring Remotely in USA
Remote
115K-115K Annually
Mid level
Information Technology • Consulting
The Role
Lead and optimize Managed Detection and Response (MDR) operations, manage SOC shift schedules and on-call rotations, coordinate incident response and escalations, coach and develop team members, report operational metrics, improve processes and tooling, ensure compliance with security and privacy policies, and maintain customer-facing service quality and documentation.
Summary Generated by Built In

RedHelm is redefining what it means to be a technology partner. We deliver industry-leading offensive and defensive cybersecurity alongside full-stack IT services that are integrated by design — protecting, powering, and accelerating our clients’ success.

Our teams operate at the intersection of security and technology, combining deep technical expertise with a holistic, client-centered approach. By aligning security strategy, infrastructure, and operational excellence, we help organizations stay resilient in an increasingly complex threat landscape.

At RedHelm, we are building an environment where innovation, accountability, and collaboration drive meaningful outcomes, both for our clients and for the professionals who support them.

Role Overview

The SOC MDR Manager is responsible for leading and coordinating the day-to-day operations of the Managed Detection and Response (MDR) team while ensuring the successful delivery of security monitoring, incident response, and operational support services. This is a leadership-focused, customer-facing role responsible for managing team operations, driving service improvements, coordinating escalations, and ensuring operational excellence across the SOC environment. The ideal candidate combines strong operational leadership, technical security expertise, and customer communication skills with the ability to guide teams through complex security events and evolving service demands.


Role Focus

  • Primary Objective: Lead and optimize MDR operations while ensuring high-quality security monitoring, incident response coordination, and customer service delivery
  • Approach: Operationally focused, customer-oriented, collaborative, and process-driven leadership
  • Core Skills: SOC operations management, incident coordination, team leadership, security operations oversight, and process improvement
  • Solution Profile: Managed Detection and Response (MDR), SIEM, endpoint security, incident response, security operations, and operational process management
  • Success Metrics: Team performance, incident response effectiveness, service delivery quality, operational efficiency, customer satisfaction, and MDR capability improvements
  • Challenges: Managing shift coverage, coordinating high-severity incidents, balancing operational priorities, improving processes at scale, and supporting a fast-paced security operations environment

Main Responsibilities
  • Create and manage SOC/MDR shift schedules to ensure proper operational coverage and continuity
  • Coordinate shift changes, call-offs, schedule adjustments, and on-call rotations to maintain operational readiness
  • Serve as the primary operational point of contact for the MDR team and related security operations activities
  • Report and review MDR operational metrics, service performance, and team effectiveness
  • Lead managerial responsibilities including staffing, performance management, coaching, mentoring, training, and career path development for MDR team members
  • Identify opportunities for MDR capability enhancements, operational improvements, and service optimization initiatives
  • Collaborate cross-functionally with engineering, operations, leadership, and other internal departments to improve service delivery and operational outcomes
  • Coordinate escalations and engage additional technical resources as necessary during projects, incidents, or operational challenges
  • Continuously improve SOC/MDR operational policies, procedures, standards, workflows, and escalation processes
  • Drive improvements to ticketing processes, reporting structures, operational documentation, and service metrics
  • Conduct weekly reviews of alerts, reports, incidents, and operational trends to ensure service quality and continuous improvement
  • Perform operational spot checks of security solutions and monitoring platforms to ensure systems remain functional and effective
  • Ensure MDR operations comply with all RedHelm Information Security Policies, privacy standards, and operational controls
  • Ensure customer and company data are handled securely and remain protected, available, and confidential where applicable
  • Maintain accurate operational documentation, reporting records, and team procedures within internal systems and platforms

Required Experience
  • 4+ years of experience within SOC, NOC, Blue Team, or cybersecurity operations environments
  • 2+ years of experience in a leadership, supervisory, or team coordination role within security operations or managed services environments preferred
  • Experience supporting customer-facing technical operations or managed security services environments
  • Experience serving as an escalation point during operational incidents, outages, or security events
  • Experience coordinating incident response efforts, operational workflows, and service delivery processes
  • Hands-on experience supporting or administering security technologies including but not limited to:
    • Firewalls
    • SIEM Platforms
    • IDS/IPS Solutions
    • Endpoint Protection and Antivirus Solutions
    • Security Monitoring and Incident Response Platforms
  • Experience supporting Windows and Linux operating systems within operational or security-focused environments
  • Experience working within fast-paced operational environments with multiple competing priorities and escalations

Required Skills
  • Strong leadership and team management capabilities within operational or technical environments
  • Strong customer-facing communication and relationship management skills
  • Solid understanding of networking, security operations, and incident response principles
  • Ability to effectively coordinate and manage high-severity incidents and operational escalations
  • Strong analytical, troubleshooting, and decision-making skills
  • Ability to improve operational processes, workflows, documentation, and service quality
  • Excellent written communication, reporting, and documentation skills
  • Ability to collaborate effectively across technical, operational, and leadership teams
  • Strong organizational skills with the ability to manage multiple priorities simultaneously
  • Strong coaching, mentoring, and employee development capabilities
  • Ability to work independently while also driving team accountability and collaboration
  • Strong attention to detail and commitment to operational excellence and customer satisfaction
  • Strong desire to continuously learn, improve, and adapt within evolving cybersecurity environments

Required Qualifications and Certifications
  • Experience with security operations platforms and technologies including SIEM, endpoint protection, IDS/IPS, firewalls, and monitoring solutions
  • Knowledge of Windows and Linux operating systems and administrative functions
  • Knowledge of networking, security operations, and operational escalation management
  • Bachelor’s degree in Information Technology, Cybersecurity, Engineering, or a related field preferred
  • Relevant cybersecurity, security operations, networking, or incident response certifications preferred
  • Valid driver’s license and reliable transportation required where applicable
  • Willingness and ability to participate in on-call escalations and occasional travel as needed

Additional Information

Compensation

The annual salary for this role starts at $115,000.


KPIs / Metrics

  • MDR operational coverage and scheduling effectiveness
  • Incident response coordination and escalation management effectiveness
  • Alert review quality and response timeliness
  • Team performance, coaching, and employee development outcomes
  • Customer satisfaction and operational service quality
  • Accuracy and effectiveness of operational reporting and metrics
  • Operational process improvement and workflow optimization initiatives
  • Ticket quality, documentation accuracy, and escalation handling
  • Security platform operational health and monitoring effectiveness
  • Cross-functional collaboration and operational support effectiveness

Information Security & Data Privacy Responsibility

All employees are responsible for adhering to company Information Security and Privacy Policies and ensuring that all applicable procedures are consistently followed. This includes safeguarding client and company data to maintain its security, availability, and confidentiality, and upholding all legal and regulatory obligations related to data protection. Employees are expected to perform their duties in a manner that prevents security breaches or incidents that compromise business operations, client data, or the company’s financial and operational standing.

Why Join Us

This is an exciting time to join RedHelm as we continue to grow and innovate as a full-stack technology partner. Our integrated approach to offensive security, defensive operations, and IT services creates opportunities to work on complex challenges that directly impact the organizations we serve. As we expand our capabilities and footprint, our team members play a meaningful role in shaping what comes next.

We are equally committed to investing in our people. We believe in a culture where we care about individuals not just for their professional ambitions, but for their personal goals as well. We recognize that work is part of a larger purpose in each person’s life, and that philosophy drives how we support growth, flexibility, and long-term development across our organization.

We offer a comprehensive and competitive benefits package designed to support both career progression and personal wellbeing, including medical, dental, and vision coverage, a 401(k) program, paid time off, floating holidays, and paid holidays. More importantly, we provide an environment where you can build meaningful expertise, contribute to forward-thinking solutions, and grow alongside a company that is actively shaping its future.


Skills Required

  • 4+ years experience within SOC, NOC, Blue Team, or cybersecurity operations environments
  • 2+ years in a leadership, supervisory, or team coordination role within security operations or managed services
  • Experience supporting customer-facing technical operations or managed security services environments
  • Experience serving as an escalation point during operational incidents, outages, or security events
  • Experience coordinating incident response efforts, operational workflows, and service delivery processes
  • Hands-on experience administering Firewalls, SIEM platforms, IDS/IPS, endpoint protection, and antivirus solutions
  • Experience with security monitoring and incident response platforms
  • Experience supporting Windows and Linux operating systems in security-focused environments
  • Strong leadership, team management, coaching, and employee development capabilities
  • Strong customer-facing communication and relationship management skills
  • Bachelor's degree in Information Technology, Cybersecurity, Engineering, or related field
  • Relevant cybersecurity, security operations, networking, or incident response certifications
  • Valid driver's license and reliable transportation where applicable
  • Willingness and ability to participate in on-call escalations and occasional travel

The Company
Kennesaw, GA
0 Employees

What We Do

1Path is a true end-to-end IT provider with over 15 years of experience.
