Security Operations Center Manager

Position Overview:

We are seeking an experienced and highly skilled Security Operations Center (SOC) Manager to lead our cybersecurity operations team. The SOC Manager will oversee the full security operations lifecycle, from threat detection and incident response to team development and planning. This role is critical to ensure our organization maintains a robust security posture while managing day-to-day security operations.

Key Responsibilities:

• Lead end-to-end incident response activities, including detection, containment, eradication, recovery, and post-incident review
• Direct SOC analysts in threat detection, triage, investigation, and remediation efforts
• Maintain accurate incident documentation, escalation workflows, ticket management, and timely event resolution
• Develop and implement SOAR workflows to automate investigations, response actions, and repetitive security tasks
• Improve operational efficiency and reduce MTTR through process automation and continuous optimization
• Develop custom SIEM detection rules and signatures based on evolving business needs, threat intelligence, and threat hunting findings

• Develop, track, and report SOC KPIs, including MTTD, MTTA, MTTR, dwell time, false positives, and incident closure rates
• Provide leadership with regular updates on security operations, incident trends, and overall security posture
• Maintain and improve SOC strategies, policies, SOPs, playbooks, and operational processes

Required Qualifications:

• Deep technical hands-on knowledge of security monitoring tools and technologies including SIEM, IDS/IPS, EDR/XDR, NDR, firewalls, and SOAR platforms
• Strong understanding of threat intelligence, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and attack methodologies
• Expert knowledge of security frameworks and methodologies including NIST Cybersecurity Framework, ISO 27001, MITRE ATT&CK, etc.
• Proficiency in log analysis, network traffic analysis, threat hunting techniques, and behavioral analysis
• Strong understanding of cloud security principles and cloud-native security tools
• Fundamental understanding of programming and scripting languages (Python, PowerShell, Bash) for automation, log parsing, and data analysis
• At least two industry recognized certifications e.g.: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), GCIH (GIAC Certified Incident Handler), GCIA (GIAC Certified Intrusion Analyst), GCFA (GIAC Certified Forensic Analyst), GSOM (GIAC Security Operations Manager), CSOM (Certified Security Operations Manager)
• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent professional experience).

Preferred Qualifications:

• Experience in the financial services industry with deep understanding of financial sector threat landscape, regulatory requirements.

Experience Requirements:

• Minimum 8-10 years of progressive experience in information security and cybersecurity operations
• Minimum 7 years of hands-on experience in security operations, with demonstrated expertise across all three SOC tiers (Tier 1 triage, Tier 2 incident response, and Tier 3 threat hunting/advanced analysis)
• Minimum 5 years of direct SOC management experience, including team leadership, resource planning, and operational oversight
• Minimum 2 years of hands-on experience with SIEM platforms, including rule creation, testing, tuning, and change management
• Proven experience managing 24/7 security operations with demonstrable results in incident response effectiveness

OneMain Holdings, Inc. is an Equal Employment Opportunity (EEO) employer. Qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship status, color, creed, culture, disability, ethnicity, gender, gender identity or expression, genetic information or history, marital status, military status, national origin, nationality, pregnancy, race, religion, sex, sexual orientation, socioeconomic status, transgender or on any other basis protected by law.