Security Operations Center Lead Jobs (NOW HIRING)

... Security Operations Center Lead SME is the senior cybersecurity operations authority within the WDP Core Integration program, responsible for directing continuous monitoring, threat detection, and ...

Security Operations Center Watch Lead

Tempe, AZ · On-site

$17.50 - $21.75/hr

Waymo Security Operations Center Watch Lead Waymo is an autonomous driving technology company with the mission to be the world's most trusted driver. Since its start as the Google Self-Driving Car ...

Security Operations Center Watch Lead

Phoenix, AZ · On-site

$17.75 - $22/hr

As a Security Operations Center Watch Lead, you will be responsible for maintaining comprehensive situational awareness and managing real-time security events, serving as the security representative ...

Security Operations Center Watch Lead Waymo is an autonomous driving technology company with the mission to be the world's most trusted driver. Since its start as the Google Self-Driving Car Project ...

Security Operations Center Lead information

$28K · $67.7K · $162K

How much do security operations center lead jobs pay per year?

As of Jul 1, 2026, the average yearly pay for a security operations center lead in the United States is $67,675.00, according to ZipRecruiter salary data. Most workers in this role earn between $43,000.00 and $81,500.00 per year, depending on experience, location, and employer.

What is the difference between Security Operations Center Lead vs Security Analyst?

| Aspect | Security Operations Center Lead | Security Analyst |
| --- | --- | --- |
| Certifications | CompTIA Security+, CISSP, CEH | CompTIA Security+, GIAC Security Essentials |
| Work Environment | Lead team, coordinate incident response, oversee security operations | Monitor security alerts, analyze threats, implement security measures |
| Employer & Industry Usage | Security teams in various industries, often in managerial contexts | Security teams, IT departments across industries |

The Security Operations Center Lead typically oversees security teams, manages incident response, and coordinates security efforts, requiring leadership skills and certifications like CISSP. In contrast, a Security Analyst focuses on monitoring security alerts, analyzing threats, and implementing security measures. Both roles are essential in cybersecurity but differ mainly in responsibility level and scope.

What are the key skills and qualifications needed to thrive as a Security Operations Center Lead, and why are they important?

To thrive as a Security Operations Center (SOC) Lead, you need a deep understanding of cybersecurity principles, incident response, and threat analysis, typically supported by a degree in information security or related field and relevant certifications like CISSP or CISM. Familiarity with SIEM platforms, intrusion detection/prevention systems, and other security monitoring tools is essential. Leadership, strong problem-solving, and effective communication skills help you guide teams and coordinate responses under pressure. These competencies ensure robust security monitoring, timely incident mitigation, and cohesive team performance in protecting organizational assets.

What are some common challenges faced by a Security Operations Center (SOC) Lead, and how can they be managed effectively?

A Security Operations Center Lead often faces challenges such as managing a high volume of security alerts, coordinating incident response across teams, and ensuring continuous coverage for 24/7 operations. Effective communication, setting clear escalation procedures, and prioritizing alerts based on risk are key strategies for addressing these issues. Additionally, ongoing training and fostering a collaborative team environment help maintain a high level of preparedness and morale, enabling the SOC to respond efficiently to security threats.

What does a Security Operations Center (SOC) Lead do?

A Security Operations Center (SOC) Lead oversees the day-to-day operations of a team responsible for monitoring, detecting, and responding to cybersecurity threats within an organization. They coordinate incident response efforts, manage SOC analysts, and ensure that security protocols and tools are effective and up-to-date. Additionally, a SOC Lead often collaborates with other IT and security teams, provides training, and helps develop strategies to improve the organization’s overall security posture.

Security Operations Center Lead

FGCU Florida Gulf Coast University

Campus, IL • On-site

Full-time

Posted 5 days ago


Job description

Job Summary

The Security Operations Center Lead is responsible for leading the day-to-day operations of the University's Security Operations Center, including cybersecurity monitoring, alert triage, incident response coordination, operational reporting, and continuous improvement of SOC processes. This position serves as the primary operational lead for the SOC and provides technical supervision, mentorship, and professional development for undergraduate and graduate student analysts. The position ensures that security events are investigated, documented, escalated, and remediated in accordance with approved procedures, response playbooks, and institutional priorities. The lead collaborates closely with Information Technology Services, the Information Security Office, Help Desk, Client Services, and other university stakeholders and external partners to protect University systems, data, services, and users while supporting the broader mission of cybersecurity education, workforce development, and institutional risk reduction.
FGCU is building a culture of curiosity, commitment and collaboration. We value employees who successfully work with others and drive positive change through critical thinking and decisive action. If you thrive in an environment of innovation, accountability and mutual respect, you will find a good home here.

Job Description

Typical duties may include but are not limited to:

  • Leads day-to-day Security Operations Center (SOC) activities, including security monitoring, alert triage, investigation, escalation, incident response coordination, operational reporting, and analyst shift oversight.
  • Participates in after-hours incident response, emergency escalation, and on-call support as needed to address significant cybersecurity events or operational requirements.
  • Recruits, hires, trains, mentors, and supervises undergraduate and graduate student analysts. Provides ongoing coaching, performance feedback, and career development support.
  • Develops and maintains a structured student analyst training program covering alert triage, SIEM operations, threat detection, MITRE ATT&CK methodologies, digital forensics fundamentals, investigation procedures, and incident response workflows.
  • Develops or supports cybersecurity exercises, tabletop scenarios, and incident response drills to evaluate readiness and improve coordination among SOC personnel, ITS teams, and university stakeholders.
  • Establishes analyst progression standards, operational guardrails, and escalation thresholds to ensure student analysts operate within approved authority and documented procedures.
  • Performs security monitoring, investigation, and incident response activities as needed to maintain SOC operations during periods of reduced student staffing or elevated operational demand.
  • Reviews, validates, and directs security investigations, ensuring security events are properly analyzed, documented, escalated, and communicated in accordance with established policies, procedures, and response playbooks.
  • Serves as the operational lead during significant cybersecurity incidents, coordinating response activities with Information Technology Services (ITS), university leadership, legal counsel, human resources, communications personnel, and external partners as appropriate.
  • Maintains and improves detection, monitoring, and response capabilities across security technologies, including SIEM, endpoint detection and response (EDR), cloud security platforms, and related cybersecurity tools.
  • Develops, maintains, and updates SOC playbooks, standard operating procedures, workflows, and documentation to support consistent and effective security operations.
  • Manages relationships with managed security service providers (MSSPs), incident response vendors, and other external security partners to support monitoring, investigation, and response activities.
  • Supports security operations and incident response activities involving regulated or sensitive institutional data, including data subject to FERPA, GLBA, PCI DSS, HIPAA where applicable, and university policies.
  • Escalates actionable cybersecurity risks, incidents, and operational concerns to the Chief Information Security Officer (CISO) and other designated stakeholders.
  • Maintains security operations documentation and reports on security metrics, incident trends, operational performance, and student program outcomes.
  • Conducts or supports audits, compliance activities, and security reviews.
  • Conducts post-incident reviews and broader security process evaluations to identify lessons learned, document corrective actions, and recommend improvements to detection logic, response procedures, communication workflows, and operational controls to enhance overall SOC effectiveness and operational efficiency. Communicates technical security findings, risks, and operational impacts in clear, non-technical language suitable for university leadership and business stakeholders.
  • Contributes to broader information security initiatives including cloud security, identity and access management, security awareness, and emerging technology governance efforts.

Other Duties:

  • Performs other job-related duties as assigned.

Additional Job Description

Required Qualifications:

  • This position requires nine years of directly related full-time experience or, as an alternative, a Bachelor's degree from an accredited institution in Cybersecurity, Computer Science, Informatics, Information Systems, or related field and five years of full-time experience directly related to the job functions.
  • Experience with SOC operations, security monitoring, incident response, or related cybersecurity functions, including conducting cybersecurity investigations, alert triage, or security event analysis.
  • Experience with enterprise SIEM, EDR, or similar platforms.
  • Experience utilizing Microsoft security tools, including Microsoft Entra ID, Microsoft Sentinel, Active Directory, Microsoft Defender, Microsoft 365 security features or comparable enterprise security tools.
  • Any appropriate combination of relevant education, experience, and/or certifications may be considered.

Preferred Qualifications:

  • Five years of full-time experience in cybersecurity operations, incident response, or threat detection.
  • Two years' experience in managing, coaching, or mentoring technical staff or junior analysts.
  • Familiarity with NIST CSF, NIST 800-53, FERPA, and HIPAA.
  • Experience working in Higher Education.
  • Familiarity with Higher Education technologies, including Banner, Workday, Canvas, Blackboard, and research computing infrastructure.
  • Experience designing security training or formal curricula.
  • Experience with Microsoft Sentinel, Microsoft Defender XDR, Microsoft Entra ID, Microsoft Purview, or related Microsoft security technologies.
  • Experience with SOAR platforms.
  • CISSP, CISM, Security+, GCIH, GCIA, CISA, or similar certifications.

Knowledge, Skills & Abilities:

  • Proven ability to think strategically and approach challenges with creativity.
  • Demonstrated track record of reliability, meeting goals, and holding oneself accountable.
  • Strong interpersonal skills and experience working effectively across teams.
  • Knowledge of security strategies (operating system hardening, vulnerability management, change management, application testing/patching, security tools, and software products).
  • Knowledge of network/system security access, management, and testing.
  • Knowledge of applicable security policies, best practices, and principles.
  • Knowledge of standard computer logging processes and understanding of the types of events logged.
  • Skill in identifying complex problems and reviewing related information to develop and evaluate options and implement solutions.
  • Excellent interpersonal skills.
  • Advanced verbal and written communication skills and the ability to present effectively to small and large groups.
  • Ability to take initiative to plan, organize, coordinate and perform work in various situations when numerous and competing demands are involved.
  • Ability to collaborate and work effectively within the community and willing to contribute to a team effort.
  • Ability to work independently and follow through on assignments.
  • Ability to translate security concepts to all areas of the business.
  • Ability to interpret log data and investigate potential issues.
  • Ability to prepare network/system diagrams and advise on secure implementations of systems and services.
  • Ability to discern between security breaches and more innocent technical bugs.
  • Ability to participate in after-hour incident response or emergency escalation activities as needed.

Institutional Values & Behavioral Expectation

In this role, the successful candidate will be expected to:

  • Seek out new approaches to improve outcomes; remain open for feedback and new ideas.
  • Lead with integrity; consistently produce high-quality work; persevere to overcome obstacles to meet deadlines and achieve deliverables.
  • Share information and insights thoughtfully; build partnerships across departments; communicate respectfully; support colleagues to achieve common goals.

Pay Grade 19

FGCU is a State University System of Florida member and an Equal Opportunity and Equal Access employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, disability, or protected veteran status.