
Security Operations Center (SOC) Manager

Job Description

At Armor, we are committed to making a meaningful difference in securing cyberspace. Our vision is to be the trusted protector and de facto standard that cloud-centric customers entrust with their risk. We strive to continuously evolve to be the best partner of choice, breaking norms and tirelessly innovating to stay ahead of evolving cyber threats and reshaping how we deliver customer outcomes. We are passionate about making a positive impact in the world, and we’re looking for a highly skilled and experienced talent to join our dynamic team.

Armor has unique offerings to the market so customers can a) understand their risk, b) leverage Armor to co-manage their risk, or c) completely outsource their risk to Armor.

Learn more at: https://www.armor.com

SUMMARY

Armor is seeking a Security Operations and Incident Response Leader to serve as a hands-on leader and transformation agent for our Managed Services security operations function. This hybrid position is based in Plano, TX. Reporting to the Head of Professional Services, SecOps, and Customer Success, this role leads a team of security professionals located across the globe in delivering security operations, incident response consultation, and security tooling management to our managed security customers.

This leader will drive the transformation of our SOC into a modern, agentic security operations center while maintaining operational excellence in triage, incident response, and security policy management. The role combines people leadership with strategic vision to deliver customer outcomes focused on security improvement, risk reduction, security resilience, and compliance.

This role follows a hybrid schedule with in-office presence required three days per week (Tuesday–Thursday).

ESSENTIAL DUTIES AND RESPONSIBILITIES (Additional duties may be assigned as required)

Team Leadership and Development

  • Directly manage a team of Incident Response Consultants and Security Operations professionals, including performance management, career development, regular 1:1s, and goal-setting.
  • Lead the upskilling and rapid professional development of team members, ensuring readiness for evolving security challenges and agentic workflows.
  • Participate in recruiting new team members through a collaborative hiring process, including interviewing, evaluating candidates, and onboarding.
  • Coach and mentor team members on technical skills, customer consultation techniques, and professional growth.
  • Build and maintain a high-performance culture focused on customer outcomes, continuous improvement, and operational excellence.

SOC Transformation and Modernization

  • Lead the transformation of the SOC into a modern agentic security operations center, leveraging AI-augmented workflows and automation to enhance detection, response, and operational efficiency.
  • Drive modernization initiatives across the security operations function, including process optimization, tooling enhancements, and capability development.
  • Work cross-functionally to rapidly operationalize new security capabilities and integrate them into SOC responsibilities (e.g., CSPM, Defender for OT, Purview, and emerging platforms).
  • Collaborate with Armor’s engineering team to evaluate, build, and implement emerging technologies including AI/ML-assisted detection, automated response, and cloud- security tools.
  • Work with engineering to design and optimize agentic AI processes that maintain human oversight, accountability, and security standards.

Security Operations and Incident Response

  • Oversee SOC triage operations, ensuring adequate coverage, quality, and consistent delivery of security monitoring and alerting services.
  • Serve as senior escalation point for high-severity incidents, providing hands-on technical leadership through complex investigations and customer engagements.
  • Manage security policy creation and maintenance across multiple platforms (AV, FIM, IDS, NGFW, EDR, WAF, etc.).
  • Oversee security tooling management, ensuring proper configuration, optimization, and operational readiness.
  • Conduct quality reviews of team deliverables including incident reports, customer recommendations, and detection content.
  • Contribute to incident response playbook development, detection use-case creation, and consultation framework improvements.

Customer Outcomes and Organizational Collaboration

  • Evolve SOC operations to prioritize customer outcomes including security improvement, risk reduction, security resilience, and compliance achievement.
  • Collaborate with the broader organization to ensure security operations capabilities align with customer needs and business objectives.
  • Partner with Engineering, Product, and Customer Success teams on service improvements and capability development.
  • Monitor and report on team performance, balancing customer outcome metrics with operational efficiency and SLA adherence.
  • Coordinate with international teams to ensure consistency in procedures, escalation handling, and customer experience.

Required Skills

  • Strong proficiency with security tools: EDR/XDR, SIEM, SOAR, and threat intelligence platforms.
  • Deep understanding of cloud security across Azure, AWS, and GCP including , networking, and workload protection.
  • Advanced forensic analysis and threat hunting skills sufficient to lead complex investigations and guide team members.
  • Proficient in scripting (Python, PowerShell, KQL) for analysis, detection development, and response automation.
  • Proficiency with git version control including branching, commits, and collaborative development workflows.
  • Proficiency with AI-assisted tools (Claude Code, GitHub Copilot, or equivalent) for accelerating detection development, security analysis, and team productivity.
  • Experience driving AI tool adoption within a team while maintaining security standards and quality assurance.
  • Understanding of AI/LLM security risks including prompt injection, data leakage, and model limitations.
  • Ability to critically evaluate AI-generated outputs for accuracy and security implications.
  • Demonstrated people management skills including performance coaching, conflict resolution, and team development.
  • Strong organizational skills with ability to balance transformation initiatives, operational demands, and team development.
  • Excellent communication skills with ability to engage customers, report to leadership, and coach team members effectively.
  • Experience developing detection content (Sigma, YARA, KQL) and response playbooks.
  • Experience leading or coordinating across international teams preferred.

Education and/or Experience

  • 5-8 years of experience in security operations, incident response, security consulting, or related fields, with demonstrated leadership or supervisory experience.
  • Required certifications within 12 months: Microsoft Azure Security Technologies (AZ-500), Microsoft Security Operations Analyst (SC-200), Microsoft and Access Administrator (SC-300).
  • Certifications required: GCIH, GCFA, or equivalent. Additional certifications preferred: CISSP, GREM, CySA+.
  • Bachelor's Degree in Information Technology, Cybersecurity, or related field preferred; equivalent experience accepted.

WHY ARMOR
Join Armor if you want to be part of a company that is redefining cybersecurity. Here, you will have the opportunity to shape the future, disrupt the status quo, and be a part of a team that celebrates energy, passion, and fresh thinking. We are not looking for someone who simply fills a role – we want talent who will help us write the next chapter of our growth story.

Armor Core Values:

  • Commitment to Growth: A growth mindset that encourages continuous learning and improvement with adaptability in the face of challenges.
  • Integrity Always: Sustain trust through transparency + honesty in all actions and interactions regardless of circumstances.
  • Empathy In Action: Active understanding, compassion and support to the needs of others through genuine connection.
  • Immediate Impact: Taking initiative with swift, informed actions to deliver positive outcomes.
  • Follow-Through: Dedication to delivering finished results with attention to quality and detail to achieve the desired outcomes.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually low to moderate. The work environment may be in either an office setting, at the company’s data center, at a client location or at an industry trade event.

Equal Opportunity Employer - It is the policy of the company to comply with all employment laws and to afford equal employment opportunity to individuals in all aspects of employment, including in selection for job opportunities, without regard to , , , , , age, , genetic information, veteran status, or any other consideration protected by federal, state or local laws.