Senior SOC Architect

Must be US Citizens or Permanent Resident
Location: Harrisburg, PA - **Local candidates only **
** Hybrid Role, 1 day per week on-site **
Contract Length: Long-term contract (6-month Contract to Hire)
Position Overview:
The Senior Security Operations Center (SOC) Architect is responsible for designing, implementing, and optimizing the client’s NextGen SOC infrastructure to enhance threat detection, incident response, and threat-hunting capabilities across a hybrid cloud environment. This role combines advanced technical expertise with strategic planning to align SOC operations with industry best practices, regulatory compliance, and the organization’s broader security objectives.
Required Skills:

• 7+ years experience designing and implementing SOC architectures that support advanced threat detection, incident response, and threat-hunting capabilities across hybrid cloud environments.
• Proficiency in integrating and managing security tools such as SIEM, EDR, SOAR, NDR, and cloud-based platforms (e.g., AWS Security Hub, MS Defender, Trend Micro Vision One).
• Expertise in creating and maintaining incident response playbooks, SOPs, runbooks, and conducting SOC capability assessments to identify and address operational gaps.
• Strong understanding of regulatory compliance frameworks (e.g., NIST SP 800-53) and experience ensuring SOC alignment with internal and external audit requirements.
• Demonstrated ability to analyze security alerts, conduct proactive threat hunting, and lead forensic investigations to resolve incidents and improve overall SOC effectiveness.

Duties:

• Develop and maintain a robust SOC architecture that supports threat detection, incident response, and threat-hunting capabilities across a hybrid cloud environment.
• Evaluate and integrate security tools and platforms such as SIEM, EDR, SOAR, NDR, etc. to enhance SOC operations.
• Create and maintain incident response playbooks, standard operating procedures (SOPs), and runbooks for efficient SOC operations.
• Conduct SOC capability assessments and maturity analysis to identify gaps and areas for improvement.
• Establish and optimize monitoring strategies and use cases to improve threat detection and proactive monitoring.
• Develop strategic relationships with internal and external stakeholders, ensuring the SOCs alignment with broader security strategies.
• Provide guidance and technical mentorship to our SOC analysts and security engineers within the ESO.
• Ensure SOC compliance with internal and regulatory requirements by following all applicable NIST SP 800-53 families such as IR, AU, SI, AC, CA, etc. and contribute to audit readiness efforts.
• Stay current with emerging threats and trends, recommending changes to the SOC architecture and processes as needed.
• Prepare detailed emerging threat reports using threat feeds and share any findings with agency stakeholders.
• Assist with developing metrics and dashboards to report to senior management.
• Periodically performing scenario-based retroactive threat hunting.
• Review alerts and findings from LogRhythm and cloud-based security tools such as AWS Security Hub, AWS Guard Duty, MS Defender for Endpoints, and Trend Micro Vision One.
• Continuous monitoring of existing information security solutions and security control effectiveness.
• Proactively identify threats and vulnerabilities, and collect, correlate, and analyze data to detect actual or potential unauthorized access to the agency’s networks and systems.
• Evaluate the type and severity of security events by making use of an in-depth understanding of exploits and vulnerabilities. Resolve issues by taking the appropriate corrective action or following the appropriate escalation procedures. Lead forensics investigations when required.
• Triage information security events, prioritize them accordingly, and escalate them as required.
• Analyze alerts and log events to identify potential security threats and initiate incident response procedures.
• Gather all relevant documentation and evidence related to incidents.
• Collaborate with various teams to identify technical controls to meet specific security requirements.
• Perform self-assessments of security controls to determine effectiveness, sufficiency, and gaps.