Senior SOC Architect
Harrisburg, PA
Contracted
Experienced
Must be US Citizens or Permanent Resident
Location: Harrisburg, PA - **Local candidates only**
**Hybrid Role, 1 day per week on-site**
Contract Length: Long-term contract (6-month Contract to Hire)
Position Overview:
The Senior Security Operations Center (SOC) Architect is responsible for designing, implementing, and optimizing the client’s NextGen SOC infrastructure to enhance threat detection, incident response, and threat-hunting capabilities across a hybrid cloud environment. This role combines advanced technical expertise with strategic planning to align SOC operations with industry best practices, regulatory compliance, and the organization’s broader security objectives.
Required Skills:
- 7+ years of experience designing and implementing SOC architectures that support advanced threat detection, incident response, and threat-hunting capabilities across hybrid cloud environments.
- Proficiency in integrating and managing security tools such as SIEM, EDR, SOAR, NDR, and cloud-based platforms (e.g., AWS Security Hub, MS Defender, Trend Micro Vision One).
- Expertise in creating and maintaining incident response playbooks, SOPs, runbooks, and conducting SOC capability assessments to identify and address operational gaps.
- Strong understanding of regulatory compliance frameworks (e.g., NIST SP 800-53) and experience ensuring SOC alignment with internal and external audit requirements.
- Demonstrated ability to analyze security alerts, conduct proactive threat hunting, and lead forensic investigations to resolve incidents and improve overall SOC effectiveness.
Responsibilities:
- Develop and maintain a robust SOC architecture that supports threat detection, incident response, and threat-hunting capabilities across a hybrid cloud environment.
- Evaluate and integrate security tools and platforms such as SIEM, EDR, SOAR, NDR, etc. to enhance SOC operations.
- Create and maintain incident response playbooks, standard operating procedures (SOPs), and runbooks for efficient SOC operations.
- Conduct SOC capability assessments and maturity analysis to identify gaps and areas for improvement.
- Establish and optimize monitoring strategies and use cases to improve threat detection and proactive monitoring.
- Develop strategic relationships with internal and external stakeholders, ensuring the SOC's alignment with broader security strategies.
- Provide guidance and technical mentorship to our SOC analysts and security engineers within the ESO.
- Ensure SOC compliance with internal and regulatory requirements by following all applicable NIST SP 800-53 control families (such as IR, AU, SI, AC, and CA) and contribute to audit readiness efforts.
- Stay current with emerging threats and trends, recommending changes to the SOC architecture and processes as needed.
- Prepare detailed emerging threat reports using threat feeds and share any findings with agency stakeholders.
- Assist with developing metrics and dashboards to report to senior management.
- Periodically perform scenario-based retroactive threat hunting.
- Review alerts and findings from LogRhythm and cloud-based security tools such as AWS Security Hub, AWS GuardDuty, MS Defender for Endpoint, and Trend Micro Vision One.
- Continuously monitor existing information security solutions and security control effectiveness.
- Proactively identify threats and vulnerabilities, and collect, correlate, and analyze data to detect actual or potential unauthorized access to the agency’s networks and systems.
- Evaluate the type and severity of security events by making use of an in-depth understanding of exploits and vulnerabilities. Resolve issues by taking the appropriate corrective action or following the appropriate escalation procedures. Lead forensics investigations when required.
- Triage information security events, prioritize them accordingly, and escalate them as required.
- Analyze alerts and log events to identify potential security threats and initiate incident response procedures.
- Gather all relevant documentation and evidence related to incidents.
- Collaborate with various teams to identify technical controls to meet specific security requirements.
- Perform self-assessments of security controls to determine effectiveness, sufficiency, and gaps.