SOC Lead at Apavo Corporation – Arlington, Virginia

Apavo Corporation
Arlington, Virginia, 22203, United States
Job Function: Admin/Clerical/Secretarial
About This Position

Job Title: SOC Lead

Location: Arlington, VA

Department: Cyber Security Services

Reports To: Management

FLSA Status: Full Time/Non-exempt

Description:

Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Joining the Apavo team means becoming part of a company rooted in the principles of quality and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to work-life balance and for fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive environment, Apavo is the place for you.

Job Purpose:

The SOC Lead is responsible for the strategic direction, daily management, and operational excellence of the Security Operations Center (SOC) supporting the Multi-Network Support Services (MNSS) contract. This role provides oversight across five classification levels spanning 14 distinct network enclaves, encompassing both unclassified and classified environments. The SOC Lead serves as the senior leader for Tier 1, Tier 2, and Tier 3 SOC analysts, driving a unified, mission-focused security operations capability that protects the most critical IT infrastructure and data assets.

In this role, the SOC Lead is responsible for building and sustaining a high-performing analyst workforce, establishing and refining SOC processes, and ensuring continuous monitoring, detection, and response operations across all assigned enclaves. The SOC Lead serves as the primary point of escalation for complex incidents, coordinates with ISSMs, ISSOs, system owners, and government stakeholders, and ensures that all SOC activities align with federal cybersecurity standards, mission requirements, and contract obligations. This is a leadership-first role requiring both deep technical expertise and the ability to develop, mentor, and inspire a multi-tiered analyst team.

Duties & Responsibilities:

SOC Lead responsibilities include, but are not limited to:

SOC Operations & Oversight:

  • Provide day-to-day leadership and oversight of SOC operations across five classification levels and 14 network enclaves, ensuring continuous 24/7 monitoring coverage and operational readiness.
  • Serve as the senior escalation point for Tier 1, Tier 2, and Tier 3 analyst teams, providing expert guidance on complex threats, incidents, and investigations.
  • Establish, document, and enforce SOC standard operating procedures (SOPs), playbooks, and escalation workflows across all classification levels.
  • Monitor SOC performance metrics and KPIs, including mean time to detect (MTTD), mean time to respond (MTTR), alert fidelity, and analyst throughput.
  • Manage shift schedules, workload distribution, and surge capacity to maintain operational coverage across all enclaves.
  • Oversee and validate SIEM tuning, alert logic, and detection rule development to reduce false positives and improve detection fidelity across enclave environments.
  • Coordinate with SOAR engineers to develop and refine automated response playbooks that align with multi-enclave operational requirements.
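The KPIs named above (MTTD, MTTR, alert fidelity, analyst throughput) are only useful if they are computed the same way every reporting period and broken out per enclave, since a single aggregate across 14 enclaves hides a slow enclave. The following is an added illustration of one consistent definition of those metrics, not code from Apavo or the MNSS program; the ticket schema, the field names, and the sample records are constructed for the example. Time-to-detect is measured from the earliest adversary activity established by the forensic timeline to the alert or ticket open time, time-to-respond from that detection to confirmed containment, and both are computed over true positives only; still-open true positives are counted separately rather than silently skewing MTTR.

```python
"""SOC KPI computation (MTTD, MTTR, alert fidelity, analyst throughput).

Added illustration, not Apavo code. The record layout and sample data
below are assumptions constructed for the example.
"""
from __future__ import annotations

from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class Alert:
    ticket: str
    enclave: str
    analyst: str
    disposition: str                    # "true_positive" or "false_positive"
    detected_at: datetime               # SIEM alert fired / ticket opened
    first_activity: Optional[datetime]  # earliest adversary activity from the forensic timeline (TP only)
    contained_at: Optional[datetime]    # containment confirmed; None while the incident is still open


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


# Constructed sample ticket export covering two enclaves; not real incident data.
SAMPLE_ALERTS = [
    Alert("INC-001", "Enclave-A", "t1-alice", "true_positive",
          _ts("2024-03-01T10:00"), _ts("2024-03-01T08:00"), _ts("2024-03-01T11:30")),
    Alert("INC-002", "Enclave-A", "t1-alice", "true_positive",
          _ts("2024-03-01T09:30"), _ts("2024-03-01T09:00"), _ts("2024-03-01T12:30")),
    Alert("INC-003", "Enclave-A", "t1-alice", "false_positive",
          _ts("2024-03-01T13:00"), None, None),
    Alert("INC-004", "Enclave-B", "t1-alice", "true_positive",
          _ts("2024-03-02T03:30"), _ts("2024-03-02T00:00"), _ts("2024-03-02T05:00")),
    Alert("INC-005", "Enclave-B", "t2-bob", "false_positive",
          _ts("2024-03-02T04:15"), None, None),
    # Open true positive: detected, not yet contained. Must not be dropped from fidelity
    # and must not distort MTTR by being treated as "contained at export time".
    Alert("INC-006", "Enclave-B", "t2-bob", "true_positive",
          _ts("2024-03-02T07:00"), _ts("2024-03-02T06:00"), None),
]


def _hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600


def compute_kpis(alerts: list[Alert]) -> dict:
    """Return the KPI set for one reporting slice (all enclaves or a single enclave)."""
    true_positives = [a for a in alerts if a.disposition == "true_positive"]
    # MTTD: only true positives with a reconstructed first-activity time contribute.
    ttd = [_hours(a.detected_at - a.first_activity) for a in true_positives if a.first_activity]
    # MTTR: only contained true positives contribute; open ones are reported separately.
    ttr = [_hours(a.contained_at - a.detected_at) for a in true_positives if a.contained_at]
    return {
        "alerts": len(alerts),
        "mttd_hours": mean(ttd) if ttd else None,
        "mttr_hours": mean(ttr) if ttr else None,
        # Fidelity: share of alerts that turned out to be real. Low values point at rules to tune.
        "alert_fidelity": len(true_positives) / len(alerts) if alerts else None,
        "open_true_positives": sum(1 for a in true_positives if a.contained_at is None),
        # Throughput: tickets worked per analyst in the slice, whatever the disposition.
        "throughput_per_analyst": dict(Counter(a.analyst for a in alerts)),
    }


def kpis_by_enclave(alerts: list[Alert]) -> dict[str, dict]:
    """Same KPIs broken out per enclave so one slow enclave is not hidden in the aggregate."""
    groups: dict[str, list[Alert]] = defaultdict(list)
    for alert in alerts:
        groups[alert.enclave].append(alert)
    return {enclave: compute_kpis(group) for enclave, group in sorted(groups.items())}


if __name__ == "__main__":
    print("overall:", compute_kpis(SAMPLE_ALERTS))
    for enclave, kpis in kpis_by_enclave(SAMPLE_ALERTS).items():
        print(enclave, kpis)
```

In a real SOC the `first_activity` value comes from the post-incident timeline, so MTTD can only be finalized after the investigation closes; reporting it on open tickets produces an optimistic number. Keeping open true positives as their own count, rather than excluding them silently, is what lets the weekly report show when a backlog is building in a particular enclave.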

Incident Response & Threat Management:

  • Lead the SOC’s incident response capability, ensuring rapid triage, containment, eradication, and recovery across affected enclaves.
  • Serve as incident commander for high-severity and cross-enclave security events, coordinating response actions with ISSMs, ISSOs, system owners, and government leadership.
  • Oversee threat hunting activities conducted by Tier 3 analysts, ensuring proactive identification of advanced persistent threats (APTs) and insider threats across classified and unclassified networks.
  • Ensure timely and accurate incident reporting in accordance with applicable DoD and IC reporting requirements.
  • Conduct post-incident reviews and lessons learned sessions to drive continuous improvement of detection and response capabilities.

Team Leadership & Development:

  • Directly supervise and mentor Tier 1, Tier 2, and Tier 3 SOC analysts, fostering a culture of continuous learning, mission focus, and professional growth.
  • Conduct performance evaluations, establish individual development plans, and identify training and certification opportunities for all analyst tiers.
  • Lead hiring efforts for SOC analyst positions in coordination with HR and program leadership.
  • Facilitate regular team meetings, knowledge sharing sessions, and tabletop exercises to strengthen team cohesion and incident readiness.

Stakeholder Engagement & Reporting:

  • Serve as the primary SOC liaison to government clients, program management, ISSMs, and senior leadership, providing regular operational briefings and status updates.
  • Develop and deliver SOC performance reports, trend analysis, and executive-level summaries on a weekly, monthly, and ad-hoc basis.
  • Collaborate with engineering, ISSO, and compliance teams to ensure SOC visibility and detection capabilities align with system ATO boundaries and security control requirements.

Compliance & Continuous Improvement:

  • Ensure all SOC operations comply with applicable federal regulations, DoD directives, IC policies, NIST frameworks, and DISA STIGs.
  • Identify gaps in detection coverage, tooling, and processes and develop improvement roadmaps in coordination with program leadership.
  • Stay current on the evolving threat landscape, emerging attack techniques, and advancements in security operations to maintain a forward-leaning SOC posture.
  • Other duties as assigned.

The SOC Lead is expected to have additional duties as assigned in support of corporate cybersecurity services. Additional details are reviewed in accordance with company policies.

Other:

This is typical office or administrative work, and there is no exposure to adverse environmental conditions.

This position requires sedentary work. Sedentary work is defined as: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

Apavo Corporation provides equal employment opportunities to all applicants and employees and strictly prohibits any type of harassment or discrimination in regards to race, religion, age, color, sex, disability status, national origin, genetics, sexual orientation, protected veteran status, gender expression, gender identity, or any other characteristic protected under federal, state, and/or local laws.

Consistent with the Americans with Disabilities Act (ADA), it is the policy of Apavo Corporation to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. If reasonable accommodation is needed, please contact Apavo Human Resources at hr@apavo.com or 571-407-0069.

Employment with Apavo Corporation is on an at-will basis, meaning either you or the Company can terminate the employment relationship, at any time, for any or no reason, and with or without cause or notice. As an at-will employee, your employment with Apavo Corporation is not guaranteed for any length of time.

Requirements:

Qualifications:

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field; Master’s degree preferred.

8+ years of professional experience in cybersecurity, with at least 3 years in a SOC leadership or senior analyst role.

Demonstrated experience managing or leading multi-tiered SOC teams (Tier 1–3) in a DoD or IC environment.

Must currently possess an active TS/SCI clearance with the ability to obtain and maintain a CI polygraph.

IAT Level III or IAM Level II/III certification required (e.g., CISSP, CISM, GSLC, CASP+).

One or more of the following preferred: GCIH, GCIA, GCFA, GSOM, GCDA, or equivalent incident response/SOC certifications.

Extensive experience with SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel) in multi-enclave, classified environments.

Experience with SOAR platforms and automated response workflows.

Strong knowledge of DoD and IC network architectures, including cross-domain solutions, classified enclave structures, and multi-classification environments.

Deep familiarity with NIST SP 800-61, NIST SP 800-137, CJCSM 6510.01, and other relevant federal incident response and continuous monitoring frameworks.

Proven ability to lead high-stakes incident response operations and communicate effectively with senior government stakeholders.

Experience with threat intelligence platforms, threat hunting methodologies, and adversary TTPs (MITRE ATT&CK framework).

Strong written and verbal communication skills; ability to translate complex technical findings into clear executive-level reporting.
