CTS (charterts.com)

SOC Supervisor

Posted 2 Days Ago
Remote
Hiring Remotely in USA
110K-115K Annually
Senior level
The SOC Supervisor manages daily operations of the Security Operations Center, oversees incident response, leads SOC staff, ensures quality assurance, and drives continuous improvement.
The summary above was generated by AI

CTS delivers comprehensive IT solutions to meet the unique demands of mission-driven organizations. We have deep expertise in supporting nonprofits and educational institutions; however, our team is equipped to handle the complexities of IT across a variety of sectors. We’re committed to making technology work seamlessly, so our clients can focus on making a difference, regardless of their industry.

At CTS, we believe in building a company culture that fosters growth, collaboration, and innovation. By joining our team, you will not only help empower businesses with cutting-edge IT solutions but also build a rewarding career in a dynamic and supportive environment. Discover the many reasons why CTS is a great place to advance your career. We are headquartered in Brooklyn, NY with 90+ employees across the US and several other countries.  Learn more about us at https://www.charterts.com

JOB SUMMARY

We are seeking an experienced SOC Supervisor to lead the day-to-day operations of our Security Operations Center. This role is responsible for managing SOC personnel, overseeing alert and incident response workflows, ensuring service levels and quality standards are met, and driving continuous operational improvement. 

The SOC Supervisor serves as both a tactical leader and a strategic manager. On the tactical side, this person oversees queue health, coordinates major incident response, removes blockers for engineers, and acts as the highest point of operational escalation. On the strategic side, the role focuses on people leadership, process governance, KPI reporting, quality assurance, and SOC maturity initiatives. 

This is a leadership role for someone who can balance operational oversight, incident command, coaching and development, and continuous process improvement in a fast-paced managed services environment.

ROLE & RESPONSIBILITIES

Operational Oversight & Incident Handling 

  • Oversee daily SOC operations and monitor the health of the alert and ticket queue
  • Balance workloads across SOC team members to ensure efficient operations
  • Act as Incident Commander during critical or high-impact security incidents
  • Lead communications with customers, internal IT teams, and executive stakeholders during major incidents
  • Ensure the team consistently meets SLAs for triage, response, escalation, and resolution
  • Remove technical, operational, or cross-functional blockers impacting investigations
  • Serve as the highest point of operational escalation for the team or shift
  • Review handoff logs and ensure continuity across shifts 

Team Leadership & People Management 

  • Lead, coach, and develop SOC staff across multiple experience levels
  • Conduct regular 1-on-1 meetings focused on performance, growth, and career development
  • Manage shift schedules, coverage plans, on-call rotations, and time-off requests
  • Build training plans and support skill development for junior and mid-level analysts
  • Address performance, behavioral, and engagement issues promptly and professionally
  • Foster a collaborative, accountable, and blameless team culture
  • Support internal talent progression and promotion readiness 

Quality Assurance 

  • Conduct regular QA reviews of closed, escalated, and high-impact tickets
  • Ensure SOC documentation is accurate, complete, professional, and audit-ready
  • Identify recurring quality issues or knowledge gaps across the team
  • Provide clear, actionable feedback to improve analysis quality and communication
  • Address stakeholder feedback related to investigation quality or customer communication 

Process Governance & Playbooks 

  • Enforce the use of approved playbooks, SOPs, and standardized workflows
  • Ensure team members contribute to the creation and maintenance of playbooks
  • Review and approve updates to core SOC processes and response procedures
  • Maintain operational compliance with internal standards and relevant regulatory requirements
  • Drive consistency in incident handling and reduce reliance on tribal knowledge 

Operational Improvement 

  • Analyze SOC metrics such as time to triage, time to contain, response efficiency, and queue aging
  • Identify process bottlenecks and implement workflow improvements
  • Advocate for tooling enhancements, automation opportunities, and detection tuning
  • Partner with Detection Engineering, Threat Intelligence, IT, and other teams to close operational gaps
  • Reduce analyst fatigue and false positives through process and technology improvements
  • Help mature the SOC from a reactive function into a proactive security operation 

Reporting, Communication & Ownership 

  • Generate and present KPI and performance reporting to leadership on a regular basis
  • Provide accurate, transparent updates on SOC operations, risks, and team performance
  • Represent the SOC in cross-functional meetings and stakeholder discussions
  • Proactively identify risks to service delivery, including staffing shortages, tooling issues, and process gaps
  • Take accountability for team outcomes and lead root cause analysis and corrective actions when issues arise

REQUIRED SKILLS
  • Strong leadership and people management skills in a SOC, NOC, or security operations environment
  • Experience leading major incident response and serving in an incident command role
  • Deep understanding of SOC workflows, escalation paths, case management, and alert triage operations
  • Ability to manage queue health, prioritize competing operational demands, and maintain SLA performance
  • Strong communication skills with the ability to engage technical teams, customers, and executive stakeholders
  • Experience with QA reviews, documentation standards, and audit-ready case handling
  • Ability to use metrics and reporting to drive operational decisions and continuous improvement
  • Knowledge of playbook development, SOP governance, and process standardization
  • Familiarity with detection tuning, SOAR/automation opportunities, and operational tooling improvements
  • Strong coaching, mentoring, and performance management capabilities
  • Ability to stay calm and decisive in high-pressure situations
  • Strong organizational skills and ability to balance tactical response with strategic initiatives

QUALIFICATIONS
  • 5+ years of experience in Security Operations, Incident Response, or Cybersecurity Operations
  • 2+ years of experience in a leadership, supervisory, or team lead role within a SOC or similar environment
  • Experience managing analysts or engineers across multiple levels of seniority
  • Proven experience overseeing security incidents, escalations, and operational workflows in a 24x7 or shift-based environment
  • Experience working with SOC tooling such as SIEM, SOAR, EDR/XDR, ticketing systems, and case management platforms
  • Strong understanding of incident response processes, threat detection, escalation management, and security operations best practices
  • Experience with KPI development, SLA tracking, and operational performance reporting
  • Familiarity with audit, compliance, and documentation requirements relevant to security operations
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field preferred
  • Industry certifications such as Security+, CySA+, GCIH, GCIA, CISSP, or equivalent are preferred

WORK SCHEDULE & LOCATION
  • This is a full-time remote role, 8am – 5pm EST, Monday to Friday. Occasional travel for CTS Cybersecurity and team building events is expected (3-4 times a year).

COMPENSATION

The salary range for this role is $110,000 - $115,000.

BENEFITS
  • Competitive compensation
  • Health Insurance (medical, vision, dental), 80% covered for employee-only plans and 75% covered for employee-spouse, employee-kids, and employee-family plans
  • Flexible Spending Account (FSA)
  • Health Savings Account (HSA)
  • Employee Assistance Program (EAP)
  • Retirement Plan (401(k)) with company match
  • Commuter Benefits
  • Short-Term Disability Insurance fully paid by the company
  • Long-Term Disability Insurance fully paid by the company
  • Life and AD&D Insurance, with optional Supplemental Life Insurance
  • Paid Time Off, including Paid Parental Leave
  • 10 Holidays
  • 2 Floating Holidays

CTS participates in the E-Verify Program. As part of this program, the company provides the federal government with your Form I-9 information to confirm your employment eligibility in the United States.
Learn more at www.e-verify.gov (information available in English and Spanish).

THE INTERVIEW PROCESS
We aim to move fast. You’ll receive scheduling emails from [email protected] through Greenhouse.

Depending on the role, some steps may be adjusted or added - we’ll let you know upfront!

1. Screening call with a member of our HR team (30 minutes)
2. Technical interview with the Hiring Manager (45 minutes)
3. Panel interview with the Hiring Manager and Department Director (60 minutes)
4. (If applicable) Executive interview

CTS is proud to be an equal opportunity employer that celebrates diversity and is committed to creating an inclusive workplace with equal opportunity for all applicants and employees. Our goal is to recruit the most talented people from a diverse candidate pool regardless of race, color, ancestry, national origin, religion, disability, sex (including pregnancy), age, gender, gender identity, sexual orientation, marital status, veteran status, or any other characteristic protected by law.
CTS is committed to working with and providing access and reasonable accommodation to applicants. If you require an accommodation, please reach out to [email protected] once you've begun the interview process. All requests for accommodations are treated discreetly and confidentially, as practical and permitted by law.

Top Skills

Case Management Platforms
EDR
SIEM
SOAR
Ticketing Systems
XDR