About us: At Echelon Risk + Cyber, we believe in defending fundamental human rights to security and privacy.

We are seeking a highly skilled and hands-on SOC Manager to join our dynamic team at Echelon Risk + Cyber, a leading cybersecurity consulting firm. Our next team member will be ready to roll up their sleeves, identify opportunities for our clients and for Echelon internally, and operate with unquestioned integrity.

As the SOC Manager, you will lead and mature our Security Operations Center (SOC) capabilities within our MSSP practice. This is a player-coach role that combines technical leadership, operational oversight, and hands-on security operations. The ideal candidate brings 7–10 years of MSSP experience, including at least 5 years working directly within a SOC environment, along with a strong security engineering background across EDR/MDR, SIEM, Microsoft 365 Security, CrowdStrike and Email Security.

In this role, you will provide leadership and mentorship to SOC analysts while remaining actively involved in day-to-day security operations, detection engineering, threat hunting, incident response, and continuous improvement initiatives. You will serve as a technical escalation point for complex security incidents, help define SOC processes and best practices, and work closely with clients to strengthen their security posture.

This is a remote position from anywhere in the USA.

What You Will Do:

SOC leadership & maturity (no hiring duties):
- Establish and refine SOC processes (tiering, shift coverage, escalation paths, QA, SLAs/OLAs).
- Drive runbook discipline, training plans, and continuous improvement for service quality.
- Own SOC KPIs (MTTD/MTTR, detection efficacy, false-positive rate, case aging, CSAT/NPS).

Detection & response (hands-on):
- Build and tune detections in SIEM/XDR; develop correlation rules, parsers, and dashboards.
- Lead investigations and major incidents end-to-end; conduct post-incident reviews and reporting.
- Perform proactive threat hunting aligned to MITRE ATT&CK and emerging TTPs.

Tooling & platform engineering:
- Deploy, integrate, and operate EDR/MDR (CrowdStrike, SentinelOne, Blackpoint), Microsoft 365/Windows Defender, SIEM, SOAR, email security, vulnerability scanners, and NSM tools.
- Engineer log onboarding/normalization across cloud (AWS, Azure, M365, GCP), network, endpoint, identity, and SaaS sources.
- Build automation/orchestration playbooks to reduce MTTD/MTTR and analyst toil.

Service delivery & client engagement:
- Serve as technical point of contact for customers; present posture reviews and improvement plans.
- Define and meet service SLAs; contribute to SOWs, service catalogs, and onboarding playbooks.
- Coordinate with customer IT/CISO teams, vendors, and legal/compliance during incidents.

Risk, compliance & continuous improvement:
- Map detections, controls, and reporting to frameworks/standards (NIST CSF/800-53, CIS Controls, SOC 2, ISO 27001).
- Drive vulnerability and exposure management with risk-based prioritization.
- Run tabletop exercises, purple-team activities, and lessons learned.

Your knowledge, skills, and abilities:
- Deep knowledge of SOC operations (triage, incident lifecycle, evidence handling, documentation).
- Strong grasp of Windows/*nix/AD/M365, identity security (SSO/MFA), network protocols, and cloud telemetry.
- Expertise in detection engineering and query languages (SPL, KQL, Elastic DSL, AQL).
- Familiarity with adversary emulation and frameworks (MITRE ATT&CK, D3FEND, CIS Controls).
- Understanding of email security (phishing, BEC), vulnerability scanning/patching, and network security monitoring (IDS/IPS, PCAP).
- Proficiency with SOAR concepts and playbook design (enrichment, containment, ticketing).
- Scripting/automation (PowerShell, Python, or equivalent) for enrichment, triage, and response.
- Clear written/verbal communication for executive briefings and technical reports.

Applicants must have authorization to work in the United States without current or future visa sponsorship.

Specific Qualifications:
- Experience: 7–10 years in MSSP settings; 5+ years on a SOC team; 2–4+ years in a lead/technical lead capacity.
- Platforms (hands-on in several):
  - EDR/XDR/MDR: CrowdStrike, SentinelOne, Blackpoint, Microsoft Defender for Endpoint, Cortex XDR, etc.
  - Microsoft ecosystem: Microsoft 365, Windows Defender / Defender for Endpoint, Defender for Office 365, Azure security telemetry (KQL, Log Analytics, Sentinel).
  - SIEM: Splunk, Microsoft Sentinel, Elastic, QRadar, Exabeam, or similar.
  - SOAR: Splunk SOAR, Cortex XSOAR, Sentinel automation.
  - Email security & awareness: Mimecast, KnowBe4, Material Security, M365 Defender for Office 365.
  - Vulnerability management: Tenable, Qualys, or Rapid7.
  - NSM/IDS: Zeek, Suricata, commercial IDS/IPS.
- IR leadership: Proven track record leading medium/major incidents (ransomware, BEC, insider, cloud credential abuse).
- Cloud: Experience securing and monitoring AWS/Azure/GCP and M365 (identity and endpoint telemetry).
- Process: Built or matured playbooks, runbooks, use-case catalogs, and service reporting. Demonstrated KPI/OKR management.
- Certifications (nice to have): CISSP, GIAC (GCIA/GCIH/GCFA/GCDA/GMON), OSCP, Azure/Microsoft security (SC-200/SC-100), Splunk, CrowdStrike CCFR/CCFA, or similar.
- Availability: Able to participate in escalation/on-call rotation and support off-hours incidents as needed.
- Education: BS in CS/Cybersecurity or equivalent experience (experience > degree where applicable)

Why Echelon?

We are committed to creating an inclusive environment for our team with unquestioned integrity. If you have a special need that requires accommodation, please let your recruiter know. One of our core values is "People with Personality" and we want to allow you the space to bring your full self to work.

We currently offer the following benefits:
- Access to medical, dental, and vision insurance through Cigna, with the majority of the employee cost covered by the employer
- Employer funding to HSA accounts and FSA access
- Access to a 401(k) through Vanguard with a guaranteed employer contribution
- Flexible vacation policy that allows you to manage your schedule and rest and recharge when you need to
- 11 holidays with flexibility based on what is important for you and those you love
- Employer-paid short-term and long-term disability, employer-paid life insurance, and access to additional life insurance, hospital coverage, accidental coverage, discounted mental health support, and more
- Support for individual development through certifications, continued learning, conferences, and more

We value a diverse workforce and a culture of inclusivity and belonging. All employment decisions shall be made without regard to age, race, creed, color, religion, gender, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Echelon Risk + Cyber is an Equal Opportunity Employer.