SOC Chief

Portland, OR, US • Posted 6 hours ago • Updated 6 hours ago
Full Time
On-site

Job Details

Skills

  • Service Level
  • Tier 1
  • Tier 2
  • Tier 3
  • Forensics
  • Dashboard
  • Analytics
  • Onboarding
  • Use Cases
  • Quality Assurance
  • Standard Operating Procedure
  • Statistics
  • Auditing
  • Regulatory Compliance
  • Risk Management
  • Team Leadership
  • Mentorship
  • Professional Development
  • Documentation
  • Stakeholder Engagement
  • Performance Metrics
  • Training
  • Program Management
  • Security Engineering
  • Acceptance Testing
  • Continuous Improvement
  • Estimating
  • Roadmaps
  • Reporting
  • Security Operations
  • Workflow
  • Escalation Management
  • Incident Management
  • SIEM
  • IDS
  • IPS
  • Firewall
  • Vulnerability Management
  • Quality Control
  • Operational Risk
  • Communication
  • SOC (Security Operations Center)
  • Finance
  • Health Care
  • NIST SP 800 Series
  • ISO/IEC 27001:2005
  • Splunk
  • Threat Analysis
  • Management
  • Collaboration
  • Customer Facing
  • CISSP
  • CISM
  • GCIH
  • GCIA
  • Security+
  • Leadership
  • People Management
  • Recruiting
  • Process Improvement
  • SAP BASIS
  • Law
  • Artificial Intelligence
  • Cyber Security
  • Partnership
  • Innovation
  • Accountability

Job Description

Everforth ECS is seeking a SOC Chief to work in our Portland, OR office. Please note: this position is contingent upon contract award.

The SOC Chief is responsible for leading Security Operations Center (SOC) strategy, operations, personnel, processes, and mission execution. This role oversees daily and long-term SOC activities, including monitoring, triage, incident escalation, threat detection, reporting, quality assurance, and continuous improvement across the cyber operations environment.

The ideal candidate combines deep security operations expertise, strong leadership ability, incident response experience, and the capacity to communicate operational risk clearly to technical teams, program leadership, and senior stakeholders. This role ensures the SOC operates effectively, aligns with mission priorities, and delivers timely, accurate, and actionable security outcomes.

Key Responsibilities

SOC Leadership & Operational Oversight
  • Lead day-to-day SOC operations, ensuring monitoring, triage, analysis, escalation, and reporting activities are performed accurately, consistently, and within established timelines.
  • Establish operational priorities, shift expectations, escalation paths, handoff procedures, and service-level expectations for SOC analysts and supporting teams.
  • Ensure SOC activities align with program objectives, mission needs, regulatory requirements, operational risk priorities, and cybersecurity best practices.
  • Oversee coordination among SOC Tier 1, Tier 2, Tier 3, threat hunting, threat intelligence, forensics, engineering, and program management personnel.
Incident Response & Escalation Management
  • Provide leadership during significant cybersecurity events, ensuring incidents are triaged, escalated, investigated, documented, and communicated appropriately.
  • Coordinate incident response activities across analysts, engineers, forensic personnel, system owners, leadership, and external stakeholders as required.
  • Review and validate major incident findings, severity determinations, escalation decisions, containment recommendations, and operational impacts.
  • Ensure lessons learned, after-action reviews, and corrective actions are captured and used to improve SOC procedures and response effectiveness.
Detection, Monitoring & Threat Operations
  • Oversee the effectiveness of SOC monitoring, alert triage, detection use cases, dashboards, reports, correlation rules, and security analytics capabilities.
  • Partner with threat hunters, threat intelligence analysts, Splunk engineers, security engineers, and detection teams to identify coverage gaps and improve alert fidelity.
  • Support prioritization of new detection logic, data source onboarding, tuning efforts, threat-informed monitoring, and operational use-case development.
  • Ensure SOC workflows support timely identification, analysis, investigation, and disposition of suspicious or malicious activity.
Process, Quality Assurance & Governance
  • Develop, maintain, and enforce SOC standard operating procedures, playbooks, runbooks, escalation guides, reporting standards, and quality-control processes.
  • Monitor case quality, analyst documentation, ticket handling, alert disposition accuracy, and adherence to approved procedures.
  • Define and track SOC performance metrics, operational trends, workload indicators, service levels, incident statistics, and continuous-improvement actions.
  • Support audit readiness, compliance reporting, risk management, and governance activities related to SOC operations and cyber incident response.
Team Leadership & Workforce Development
  • Lead, mentor, and coordinate SOC analysts and operational contributors, supporting consistent performance, professional development, and mission readiness.
  • Assign responsibilities, review work products, provide operational guidance, and ensure appropriate coverage for shifts, surge activities, and priority events.
  • Identify training needs and coordinate with cyber training personnel to improve analyst skills, tool proficiency, process knowledge, and incident response discipline.
  • Promote a culture of accountability, collaboration, technical rigor, documentation quality, and continuous learning across SOC personnel.
Stakeholder Engagement & Reporting
  • Serve as the primary operational point of contact for SOC status, incident escalation, operational risks, performance metrics, and mission-impacting issues.
  • Brief program leadership, customer stakeholders, technical teams, and senior decision-makers on SOC activities, incidents, trends, risks, and recommended actions.
  • Translate technical findings and operational activity into clear business, mission, and risk language for non-technical stakeholders.
  • Coordinate communications with system owners, engineering teams, assessment teams, training teams, and program management to support mission outcomes.
Technology, Tooling & Capability Management
  • Provide operational input into SOC tooling requirements, including SIEM, SOAR, EDR, NDR, case management, threat intelligence, vulnerability, reporting, and collaboration platforms.
  • Partner with Splunk, security engineering, architecture, and infrastructure teams to ensure tools support monitoring, investigation, reporting, retention, and escalation needs.
  • Identify tool, data, workflow, and integration gaps that affect SOC effectiveness and recommend improvements or prioritization actions.
  • Support acceptance, testing, operational readiness, and transition of new SOC capabilities into production use.
Continuous Improvement & Program Support
  • Drive continuous improvement of SOC operating models, procedures, metrics, playbooks, escalation processes, staffing approaches, and mission support capabilities.
  • Analyze recurring issues, incident trends, false positives, workflow bottlenecks, and reporting gaps to improve SOC efficiency and effectiveness.
  • Support planning, staffing estimates, schedule coordination, roadmap development, and program reporting for SOC-related initiatives.
  • Stay current with evolving cyber threats, SOC operating practices, detection methodologies, incident response approaches, and security operations technologies.


Required Skills

  • 8+ years of experience in cybersecurity, security operations, incident response, threat detection, cyber defense, or related technical roles.
  • 3+ years of experience leading SOC operations, incident response teams, cyber operations teams, or similar security functions.
  • Strong understanding of SOC workflows, alert triage, escalation management, incident response, threat hunting, threat intelligence, detection engineering, and security monitoring.
  • Experience overseeing or supporting security tools such as SIEM, SOAR, EDR, NDR, IDS/IPS, firewalls, vulnerability management tools, ticketing platforms, and case management systems.
  • Demonstrated ability to lead technical teams, coordinate cross-functional response activities, manage priorities, and ensure timely delivery of operational outcomes.
  • Experience developing or enforcing SOPs, playbooks, runbooks, escalation guides, metrics, reports, and quality-control processes.
  • Ability to analyze operational risk, validate incident information, communicate impacts, and brief technical and non-technical stakeholders.
  • Excellent written and verbal communication skills, including experience producing operational reports, executive briefings, and incident updates.


Desired Skills

  • Experience leading SOC operations in government, critical infrastructure, financial, healthcare, defense, or other regulated and mission-critical environments.
  • Familiarity with frameworks and references such as NIST CSF, NIST SP 800-61, NIST SP 800-53, MITRE ATT&CK, Cyber Kill Chain, CIS Controls, ISO 27001, or related standards.
  • Experience with Splunk, Splunk Enterprise Security, SOAR platforms, endpoint detection and response tools, threat intelligence platforms, and cyber case management tools.
  • Experience managing 24x7 operations, shift teams, surge support, on-call rotations, major incident coordination, or customer-facing operational teams.
  • Security certifications such as CISSP, CISM, GCIH, GCIA, GCDA, GSOC, CySA+, Security+, or equivalent credentials.
  • Experience briefing executives, senior government stakeholders, program managers, auditors, or customer leadership.
  • Project, program, or people management experience, including staffing, performance feedback, process improvement, and operational planning.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, or local law.

Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven

Meet the challenge. Make a difference with Everforth ECS!
  • Dice Id: 10112MAN
  • Position Id: 3938
