CYBERSECURITY ENGINEERING LEAD - 72003966

State of Florida
2d | $100,000 - $125,000 | Onsite

About The Position

The SOC Team Lead provides daily leadership, technical direction, and operational oversight for a team of Security Operations Center (SOC) Analysts who perform enterprise-wide cyber threat intelligence (CTI) and incident response (IR) activities. These teams are responsible for identifying, analyzing, and responding to cybersecurity threats impacting state and local government entities. Each SOC Team Lead manages one of two analyst teams and must operate in close, continuous coordination with the other Team Lead and the SOC Manager. Decisions, process changes, or priorities affecting both teams are made collaboratively to ensure unified direction, consistent analytic standards, balanced workload distribution, and seamless operational coverage.

Requirements

  • Strong understanding of adversary tactics, techniques, and procedures and how they manifest across endpoint, network, identity, and cloud telemetry.
  • Cybersecurity governance principles and how SOC workflows support organizational missions and enterprise security priorities.
  • Cyber threat intelligence processes, the incident response lifecycle, and public-sector reporting and coordination requirements (including but not limited to s. 282.318, F.S., s. 282.3185, F.S.).
  • SOC operational functions including monitoring and detection fundamentals, telemetry sources, analytics platforms, situational reporting, and case documentation standards.
  • Cybersecurity policies, regulatory requirements, and statewide cybersecurity expectations applicable to FLDS, state agencies, and local governments (including s. 282.318, F.S., s. 282.3185, F.S., and Chapter 60GG-2, F.A.C.).
  • Program and task management principles such as workload prioritization, scheduling, coordination, and use of operational metrics.
  • Security architecture and engineering concepts sufficient to collaborate with Engineering and Enterprise Architecture teams and understand detection logic impacts.
  • Automation, orchestration, and analytics concepts used to improve SOC workflows and response efficiency.
  • Secure project management principles, including risk awareness, coordination of team inputs, and alignment with project timelines.
  • Leading analysts through daily SOC operations, providing coaching, constructive feedback, and supporting a culture of accountability and continuous improvement.
  • Independently performing and guiding complex investigations and threat-hunting activities.
  • Coaching analysts through technical problem-solving, analytic reasoning, and investigative decision-making.
  • Managing operational schedules and distributing workloads to maintain consistent coverage across threat intelligence, threat hunting, and incident response functions.
  • Communicating operational impacts, threat insights, and incident details clearly to analysts, leadership, and partner teams.
  • Coordinating cross-functional work with cybersecurity, IT, and partner teams while respecting the priorities and constraints of those teams.
  • Establishing, maintaining, and improving SOC playbooks, SOPs, documentation standards, and operational workflows.
  • Communicating technical findings clearly to analysts, SOC leadership, and partner teams without loss of analytic precision.
  • Evaluating and improving detection and response effectiveness through validation, tuning, and feedback to engineering resources.
  • Analyzing metrics, threat trends, indicators, and case data to identify gaps, recurring issues, and opportunities for improvement.
  • Producing accurate, timely SOC work products, including threat intelligence summaries, incident documentation, situational awareness updates, and after-action inputs.
  • Directing analyst activities in alignment with enterprise cybersecurity strategy, SOC priorities, and the evolving threat landscape.
  • Making sound operational decisions during triage and escalation, ensuring timely and coordinated incident handling.
  • Building and maintaining strong working relationships with the other SOC Team Lead, the SOC Manager, analysts, and other cybersecurity stakeholders and mission partners.
  • Driving team-level maturity initiatives that improve detection coverage, response quality, analytic consistency, and operational efficiency.
  • Managing operational and project assignments from initiation through completion, ensuring team deliverables meet shared objectives and deadlines.
  • Integrating lessons learned from incidents, after-action reports, and intelligence activities into refined detection logic, workflows, and procedures.
  • Guiding analysts through unfamiliar threats, tools, or analytic challenges using practical, experience-based instruction.
  • Maintaining team readiness by anticipating operational needs, identifying emerging threats, and adapting processes and assignments accordingly.
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field; equivalent experience may be considered.
  • 4+ years of hands-on experience performing SOC analyst duties, including alert triage, incident analysis, threat intelligence production, and threat hunting.
  • At least 2 years demonstrated experience working directly with detection tools, including SIEM queries, correlation rules, dashboards, or detection content.
  • At least 2 years of experience maintaining structured case documentation, producing written analytic products, and briefing technical or leadership audiences.
  • Demonstrated hands-on experience conducting cyber threat intelligence analysis, incident investigation, and threat-hunting activities in a SOC environment.
  • Experience serving as a technical lead, senior analyst, or mentor responsible for reviewing and guiding the analytic work of others.

Nice To Haves

  • Relevant professional certifications, such as CISSP, GCIH, or GCTI, are preferred.

Responsibilities

  • Lead and manage SOC Analysts performing threat intelligence, incident response, and related cybersecurity functions.
  • Assign, prioritize, and monitor workload to ensure SOC coverage and timely completion of operational, project, and improvement tasks.
  • Supervise analytic quality, mentor staff, and promote professional growth and accountability.
  • Coordinate daily operations, staffing, and priorities with the other SOC Team Lead and the SOC Manager.
  • Represent the SOC in briefings, interagency meetings, and enterprise coordination activities as assigned.
  • Collaborate with other teams on cross-functional initiatives, maintaining awareness of and respect for their priorities and ensuring SOC contributions align with shared objectives.
  • Lead and participate in threat-hunting activities using enterprise telemetry, analytic queries, and intelligence sources to identify adversary activity and control gaps.
  • Direct incident response support activities by validating findings, guiding investigative next steps, and supporting escalation decisions with technical justification.
  • Direct the identification and validation of intelligence sources and oversee production of actionable threat reports, briefings, and recommendations.
  • Translate threat intelligence into operational analytic guidance for analysts, including investigative focus areas and analytic priorities.
  • Supervise threat hunting using a variety of telemetry and analytics platforms.
  • Manage receipt, triage, and analysis of incident reports; ensure adherence to escalation timelines and notification procedures.
  • Oversee situational awareness reporting, After-Action Report collection, and integration of lessons learned into SOC content and playbooks.
  • Coordinate investigations and intelligence sharing with the Florida Department of Law Enforcement (FDLE) and other partners.
  • Ensure complete and accurate case documentation for intelligence and incident response activities.
  • Analyze historical incidents, IOCs, and TTPs to identify patterns, systemic weaknesses, and opportunities for improved defenses.
  • Drive continuous improvement by refining queries, detection rules, SOPs, and response procedures.
  • Contribute to SOC performance measurement, automation efforts, and maturity roadmap execution as directed.
© 2024 Teal Labs, Inc