Security Operations Center Lead
Job Summary
The Security Operations Center Lead is responsible for leading the day-to-day operations of the University's Security Operations Center, including cybersecurity monitoring, alert triage, incident response coordination, operational reporting, and continuous improvement of SOC processes. This position serves as the primary operational lead for the SOC and provides technical supervision, mentorship, and professional development for undergraduate and graduate student analysts.
Typical duties may include but are not limited to:
- Leads day-to-day Security Operations Center (SOC) activities, including security monitoring, alert triage, investigation, escalation, incident response coordination, operational reporting, and analyst shift oversight.
- Participates in after-hours incident response, emergency escalation, and on-call support as needed.
- Recruits, hires, trains, mentors, and supervises undergraduate and graduate student analysts.
- Develops and maintains a structured student analyst training program.
- Develops or supports cybersecurity exercises, tabletop scenarios, and incident response drills.
- Establishes analyst progression standards, operational guardrails, and escalation thresholds.
- Performs security monitoring, investigation, and incident response activities as needed.
- Reviews, validates, and directs security investigations.
- Serves as the operational lead during significant cybersecurity incidents.
- Maintains and improves detection, monitoring, and response capabilities across security technologies.
- Develops, maintains, and updates SOC playbooks, standard operating procedures, workflows, and documentation.
- Manages relationships with managed security service providers (MSSPs), incident response vendors, and other external security partners.
- Supports security operations and incident response activities involving regulated or sensitive institutional data.
- Escalates actionable cybersecurity risks, incidents, and operational concerns to the Chief Information Security Officer (CISO).
- Maintains security operations documentation and reports on security metrics, incident trends, operational performance, and student program outcomes.
- Conducts or supports audits, compliance activities, and security reviews.
- Conducts post-incident reviews and broader security process evaluations.
- Communicates technical security findings, risks, and operational impacts in clear, non-technical language.
- Contributes to broader information security initiatives including cloud security, identity and access management, security awareness, and emerging technology governance efforts.
Required Qualifications
- This position requires nine years of directly related full-time experience or, as an alternative, a Bachelor's degree from an accredited institution in Cybersecurity, Computer Science, Informatics, Information Systems, or related field and five years of full-time experience directly related to the job functions.
- Experience with SOC operations, security monitoring, incident response, or related cybersecurity functions.
- Experience with enterprise SIEM, EDR, or similar platforms.
- Experience utilizing Microsoft security tools, including Microsoft Entra ID, Microsoft Sentinel, Active Directory, Microsoft Defender, Microsoft 365 security features or comparable enterprise security tools.
Preferred Qualifications
- Five years of full-time experience in cybersecurity operations, incident response, or threat detection.
- Two years of experience managing, coaching, or mentoring technical staff or junior analysts.
- Familiarity with NIST CSF, NIST 800-53, FERPA, and HIPAA.
- Experience working in Higher Education.
- Familiarity with Higher Education technologies, including Banner, Workday, Canvas, Blackboard, and research computing infrastructure.
- Experience designing security training or formal curricula.
- Experience with Microsoft Sentinel, Microsoft Defender XDR, Microsoft Entra ID, Microsoft Purview, or related Microsoft security technologies.
- Experience with SOAR platforms.
- CISSP, CISM, Security+, GCIH, GCIA, CISA, or similar certifications.