SOC Manager

Posted Yesterday
Bossier City, LA, USA
In-Office
111K-150K Annually
Senior level
Aerospace • Information Technology • Professional Services • Security • Software
The Role
Lead day-to-day SOC operations (Tier I-III), manage incident response and escalations, develop analysts, ensure SLA compliance, build and tune Splunk detection content and dashboards, automate workflows with scripting, align detections to NIST/PCI/HIPAA/SOX, and serve as primary customer interface for continuous SOC improvement.
Summary Generated by Built In

Type of Requisition:

Regular

Clearance Level Must Currently Possess:

None

Clearance Level Must Be Able to Obtain:

None

Public Trust/Other Required:

Other

Job Family:

Cyber and IT Risk Management

Job Qualifications:

Skills:

Information Security Operations, IT Leadership, Security Monitoring Operations, Security Operations, Splunk Administration

Certifications:

Certified CyberSec First Responder (CFR) | CertNexus, Certified Ethical Hacker (CEH) | EC-Council, Cisco Certified Network Professional (CCNP) Security | Cisco, CompTIA Cybersecurity Analyst+ CE (CySA+) | CompTIA, CompTIA PenTest+ CE | CompTIA

Experience:

8+ years of related experience

US Citizenship Required:

No

Job Description:

As the Cyber Security SOC Manager supporting the Virginia Information Technology Agency (VITA), this role leads the day-to-day operations of the Tier I, II, and III analyst team within the VITA SOC. The SOC Manager is responsible for team performance, shift coverage, analyst development, and ensuring SLA compliance across all security monitoring and incident response activities. A strong working knowledge of Splunk is required — including the ability to build, interpret, and maintain operational dashboards — to support data-driven SOC management and visibility into team and threat metrics. The SOC Manager serves as the senior escalation point for complex incidents, interfaces directly with the customer, and drives continuous improvement across people, process, and tooling.

WORK ENVIRONMENT: 100% onsite

MEANINGFUL WORK AND PERSONAL IMPACT

SOC Operations & Incident Response

  • Serve as senior escalation authority for complex and high-severity incidents; oversee containment and remediation activities and ensure proper documentation and customer communication throughout the incident lifecycle.
  • Provide expertise with Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), threat hunting, and threat intelligence; own customer-facing escalation and remediation activities.
  • Recognize successful and unsuccessful intrusion attempts; triage security events and accurately prioritize and escalate incidents per established runbooks.
  • Detect the full spectrum of known cyberattacks (DDoS, malware, phishing, ransomware, and others) and correlate events across capabilities to identify attacks and breaches.
  • Examine malware analysis reports to correlate similar events across incidents; document and report actions taken by malicious actors in customer networks.
  • Recommend appropriate methods of system remediation and threat mitigation; prepare incident reports detailing analysis methodology and results.

Splunk Operations & Automation

  • Build, maintain, and optimize Splunk dashboards and reports that provide operational visibility into threat activity, SOC performance metrics, and incident trends for analysts and leadership.
  • Develop and maintain automated detection workflows, correlation searches, and alert actions in Splunk to reduce analyst workload, minimize false positives, and accelerate response to high-priority threats.
  • Write and maintain SPL searches, scheduled reports, and lookup-driven workflows; leverage scripting (Python, PowerShell) to extend Splunk capabilities and support security automation where needed.
  • Conduct log and system analysis for network and security devices; create and update detection rules and signatures in security tools and applications.
  • Document emerging threat intelligence and reported IOCs for security tool integrations.

Detection Tuning & Compliance Alignment

  • Align detections and logging with frameworks and controls: NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX as applicable to the customer environment.
  • Develop and tune detection content — including use cases, correlation rules, and alert logic — to improve fidelity and reduce noise across the SOC environment.
  • Analyze and act on intelligence information to secure customer networks and devices.

Automation & Scripting

  • Working knowledge of scripting (Python, PowerShell, or Bash) for security automation, log parsing, and workflow integration; ability to read and modify scripts to support SOC operations.
  • Support automation efforts that reduce manual analyst burden, improve detection fidelity, and accelerate incident response timelines.

Team Leadership & SOC Management

  • Lead, supervise, and develop a team of Tier I, II, and III SOC analysts; manage shift scheduling, performance expectations, and analyst career development in alignment with program objectives.
  • Own SOC SLA compliance and performance reporting; deliver regular operational metrics, trend analysis, and executive-level briefings to program leadership and the customer.
  • Serve as the primary customer interface for SOC operations; manage expectations, communicate incident status, and build trusted working relationships with VITA stakeholders.
  • Drive continuous improvement across SOC processes, runbooks, and playbooks; conduct post-incident retrospectives and implement lessons learned to strengthen team posture and detection capability.

WHAT YOU’LL NEED TO SUCCEED

  • Bachelor's degree or equivalent experience

  • 5 or more years of experience in cybersecurity operations, including demonstrated supervisory or team lead experience in a SOC environment.

  • Ability to obtain and maintain a public trust

  • Splunk experience — advanced SPL, dashboard development, automated alerting, and correlation search creation in an operational SOC environment.

  • CyberArk experience — privileged access management in a government or enterprise SOC environment.

  • Qualifying certification to meet DoW 8140/DCWF CSSP Analyst requirements within 6 months of start: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+

  • Louisiana residency; living within a reasonable commutable distance (approximately 60 miles or less) of the Bossier City facility

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
● Growth: AI-powered career tool that identifies career steps and learning opportunities
● Support: An internal mobility team focused on helping you achieve your career goals
● Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
● Flexibility: Full-flex work week to own your priorities at work and at home
● Community: Award-winning culture of innovation and a military-friendly workplace
OWN YOUR OPPORTUNITY
Explore a career in cyber at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.


The likely salary range for this position is $110,500 - $149,500. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

40

Travel Required:

None

Telecommuting Options:

Onsite

Work Location:

USA LA Bossier City

Additional Work Locations:

Total Rewards at GDIT:

Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

 



Our Identity Verification Process:

As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes.

About Our Work:

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Skills Required

  • 8+ years related experience
  • Bachelor's degree or equivalent experience
  • 5+ years cybersecurity operations experience with demonstrated supervisory or SOC team lead experience
  • Advanced Splunk experience (SPL, dashboard development, automated alerting, correlation searches)
  • Splunk administration and operational dashboard maintenance
  • Experience with CyberArk (privileged access management)
  • Ability to obtain and maintain a Public Trust
  • Qualifying certification to meet DoW 8140/DCWF CSSP Analyst requirements within 6 months (CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+)
  • Working knowledge of scripting for security automation (Python, PowerShell, or Bash)
  • Experience with detection tuning and aligning logging/detections to frameworks (NIST 800-53, NIST CSF, PCI DSS, HIPAA, SOX)
  • Ability to serve as senior escalation authority for complex/high-severity incidents and produce incident reports
  • Ability to manage shift scheduling, SLA compliance, performance reporting, and analyst development
  • 100% onsite work in Bossier City, LA and Louisiana residency within approximately 60 miles of the facility

General Dynamics Information Technology Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about General Dynamics Information Technology and has not been reviewed or approved by General Dynamics Information Technology.

  • Affordable Benefits: Pay and benefits are described as good or okay in multiple places, and the overall package is often portrayed as acceptable even when base pay is not viewed as top-tier.
  • Healthcare Strength: Medical, dental, and vision plan options are presented as comprehensive, with additional protections like disability and life insurance contributing to a well-rounded health and protection offering.
  • Retirement Support: A 401(k) plan with company match is consistently highlighted as part of the total rewards package, supporting longer-term financial planning.

The Company
HQ: Falls Church, VA
21,625 Employees

What We Do

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
