Must be US Citizens or Permanent Resident
Location: Harrisburg, PA
** Hybrid Role
Contract Length: Long-term contract (6-month Contract to Hire)
Position Overview:
The Senior Security Operations Center (SOC) Architect is responsible for designing, implementing, and optimizing the client’s NextGen SOC infrastructure to enhance threat detection, incident response, and threat-hunting capabilities across a hybrid cloud environment. This role combines advanced technical expertise with strategic planning to align SOC operations with industry best practices, regulatory compliance, and the organization’s broader security objectives.
Candidates strong in: Firewalls, security tools, applications, AWS/Azure
Preferred tools: Sentinel, Crowdstrike, Chronicle
Required Skills:
- 5+ years experience designing and implementing SOC architectures that support advanced threat detection, incident response, and threat-hunting capabilities across hybrid cloud environments.
- Proficiency in integrating and managing security tools such as SIEM, EDR, SOAR, NDR, and cloud-based platforms (e.g., AWS Security Hub, MS Defender, Trend Micro Vision One).
- Expertise in creating and maintaining incident response playbooks, SOPs, runbooks, and conducting SOC capability assessments to identify and address operational gaps.
- Strong understanding of regulatory compliance frameworks (e.g., NIST SP 800-53) and experience ensuring SOC alignment with internal and external audit requirements.
- Demonstrated ability to analyze security alerts, conduct proactive threat hunting, and lead forensic investigations to resolve incidents and improve overall SOC effectiveness.
Duties:
- Develop and maintain a robust SOC architecture that supports threat detection, incident response, and threat-hunting capabilities across a hybrid cloud environment.
- Evaluate and integrate security tools and platforms such as SIEM, EDR, SOAR, NDR, etc. to enhance SOC operations.
- Create and maintain incident response playbooks, standard operating procedures (SOPs), and runbooks for efficient SOC operations.
- Conduct SOC capability assessments and maturity analysis to identify gaps and areas for improvement.
- Establish and optimize monitoring strategies and use cases to improve threat detection and proactive monitoring.
- Develop strategic relationships with internal and external stakeholders, ensuring the SOCs alignment with broader security strategies.
- Provide guidance and technical mentorship to our SOC analysts and security engineers within the ESO.
- Ensure SOC compliance with internal and regulatory requirements by following all applicable NIST SP 800-53 families such as IR, AU, SI, AC, CA, etc. and contribute to audit readiness efforts.
- Stay current with emerging threats and trends, recommending changes to the SOC architecture and processes as needed.
- Prepare detailed emerging threat reports using threat feeds and share any findings with agency stakeholders.
- Assist with developing metrics and dashboards to report to senior management.
- Periodically performing scenario-based retroactive threat hunting.
- Review alerts and findings from LogRhythm and cloud-based security tools such as AWS Security Hub, AWS Guard Duty, MS Defender for Endpoints, and Trend Micro Vision One.
- Continuous monitoring of existing information security solutions and security control effectiveness.
- Proactively identify threats and vulnerabilities, and collect, correlate, and analyze data to detect actual or potential unauthorized access to the agency’s networks and systems.
- Evaluate the type and severity of security events by making use of an in-depth understanding of exploits and vulnerabilities. Resolve issues by taking the appropriate corrective action or following the appropriate escalation procedures. Lead forensics investigations when required.
- Triage information security events, prioritize them accordingly, and escalate them as required.
- Analyze alerts and log events to identify potential security threats and initiate incident response procedures.
- Gather all relevant documentation and evidence related to incidents.
- Collaborate with various teams to identify technical controls to meet specific security requirements.
- Perform self-assessments of security controls to determine effectiveness, sufficiency, and gaps.