Security Operations Center (SOC) Manager

Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.

Functional Title: Security Operations Center (SOC) Manager 
Job Title: Cybersecurity Analyst IV 
Agency: Health & Human Services Comm 
Department: CHIEF INFO SECURITY OFFICE 
Posting Number: 8354 
Closing Date: 11/19/2025 
Posting Audience: Internal and External 
Occupational Category: Computer and Mathematical 
Salary Group: TEXAS-B-29 
Salary Range: $8,488.33 - $14,356.00 
Pay Frequency: Monthly
Shift: Day 
Additional Shift: Days (First) 
Telework:  
Travel: Up to 60% 
Regular/Temporary: Regular 
Full Time/Part Time: Full time 
FLSA Exempt/Non-Exempt: Nonexempt 
Facility Location:  
Job Location City: AUSTIN 
Job Location Address: 701 W 51ST ST 
Other Locations:  
MOS Codes: 0605,0630,0631,0639,0670,0679,0681,1702,1705,1710,1720,1721,1799,2611,2653,2659,8055,8858,14N,14NX 
170A,170B,17A,17B,17C,17C0,17DX,17S,17SX,17X,181X,182X,183X,184X,1B4X1,1D7X1,1N4X1,255A,255N,255S 
25B,25D,26A,26B,26Z,3D0X2,3D0X3,3D1X1,3D1X2,514A,5C0X1D,5C0X1N,5C0X1R,5C0X1S,5IX,681X,682X,683X,781X 
782X,783X,784X,CT,CTI,CTM,CTN,CTR,CYB10,CYB11,CYB12,CYB13,CYB14,IS,ISM,ISS,IT,ITS 

Brief Job Description:

This position is open to permanent residents or US citizens only.

The Security Operations Center (SOC) Manager is a key leadership role responsible for the overall effectiveness of our SOC. You'll lead a diverse team of internal and external employees, including SOC Analysts, Vulnerability Management staff, and SIEM Engineers. Your primary goal is to ensure the team can effectively detect, analyze, and respond to cybersecurity threats targeting the enterprise environment. This role requires a strong technical background in security operations, exceptional leadership skills, and a passion for driving continuous improvement.

Essential Job Functions (EJFs):

Leadership and Team Management

• Lead, manage, and mentor all SOC personnel, including SOC Analysts, the Vulnerability Management team, and SIEM Engineers, ensuring 24/7/365 monitoring and response for the organization.
• Manage a hybrid team of onsite and remote employees, fostering effective communication and collaboration.
• Serve as the primary point of escalation for Tier II and Tier III teams, providing guidance during complex security incidents.
• Act as the incident commander during major security events.
• Promote a culture of continuous learning by overseeing and delivering training programs for SOC personnel.

Incident Response and Strategy

• Develop, maintain, and regularly validate the Cybersecurity Incident Response Plan, playbooks, and escalation procedures.
• Lead and manage the agency SOC team's response to cybersecurity threats.
• Coordinate post-incident reviews and track key performance indicators and metrics to measure SOC effectiveness and maturity.

SOC Operations and Optimization

• Maintain and refine SOC incident response processes, including updating documentation and Standard Operating Procedures (SOPs).
• Fine-tune and optimize security monitoring tools such as SIEM, EDR, and NDR to enhance threat detection and reduce false positives.
• Oversee proactive security activities such as vulnerability management, threat hunting, and security tool tuning.
• Ensure the SOC team actively reviews and prioritizes vulnerabilities, coordinates with system owners for remediation, and verifies fixes.
• Supervise the development of automation scripts and playbooks to streamline routine tasks.
• Oversee the creation of custom SIEM dashboards and reports to provide clear visibility into the organization's security posture.
• Ensure all security event investigations and incident responses are properly documented.

Strategic Planning and Governance

• Provide strategic recommendations for improving the security infrastructure, including suggestions for new tools, log source integrations, and architectural changes.
• Assist in developing and maintaining the SOC's disaster recovery and business continuity plans.
• Assist with internal and external audit activities and advise on security tool renewals and procurement.
• Identify and suggest professional development and training opportunities to enhance the team’s skills and expertise.

Knowledge, Skills and Abilities (KSAs):  

• Knowledge of incident response frameworks and best practices.

• Knowledge of security operations with an emphasis on patrol, inspection and response services.
• Knowledge of supervisory practices and procedures.
• Knowledge of a variety of security and safety devices and controls.
• Good organizational skills.
• Strong customer service and results orientation skills.
• Strong interpersonal skills, with the ability to interact effectively with clients, at various social levels and across diverse cultures.
• Exceptional time-management skills with the ability to prioritize and delegate tasks in a fast-paced environment.
• Excellent leadership, communication, and interpersonal skills.
• Demonstrated leadership abilities and adaptability when facing unique challenges, with experience working effectively with individuals in diverse cultures and business environments.

• Skilled in documenting O365/Azure platform technical issues, analysis, client communication, and resolution as part of cyber risk mitigation.

• Ability to provide positive direction and motivate performance.
• Ability to learn quickly and carry out instructions furnished in written, oral, or diagrammatic form.
• Ability to track and maintain schedule assignments.
• Ability to be an effective team member.
• Ability to maintain professional composure when dealing with unusual circumstances.
• Ability to adapt to various sites and changes in post procedures.
• Ability to write routine correspondence, including logs and reports.

Registrations, Licensure Requirements or Certifications:

Must hold at least one or more of the following certifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• GIAC Security Operations Manager (GSOM)
• Microsoft Cybersecurity Architect (SC-100)
• Certified SOC Analyst (CSA)
• AWS Certified Solutions Architect

Initial Screening Criteria:

Bachelor’s degree in information security, Computer Science, a related field, or equivalent work experience on a year-for-year basis.

A minimum of 8 years of experience within security operations, cyber threat intelligence, or incident response, with at least 5 years in a leadership role in a SOC (Security Operations Center) or IR team.

Preferred:

• Strong technical background in security operations.
• Proven hands-on supervisory experience leading a security team.
• Experience with SIEM, EDR, and other security technologies.
• Proven leadership in managing a 24/7 SOC and cyber response team leveraging SIEM, EDR, and NDR tools to enhance threat detection.
• Previous hands-on experience with SIEM and EDR in a large, global, or enterprise environment.
• Experience designing and developing cloud-specific security policies, standards, and procedures (e.g., Azure tenant, identity and access control, firewall management, DLP, SSO, conditional access controls, and password/key management).
• Experience troubleshooting Azure system-level problems in a multi-vendor, multi-protocol network environment.

Additional Information:

Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Active Duty, Military, Reservists, Guardsmen, and Veterans:

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.

ADA Accommodations:

In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.

Pre-Employment Checks and Work Eligibility:

Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.

HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form

Telework Disclaimer:

This position may be eligible for telework.  Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.