What are the responsibilities and job description for the HHS - SOC Lead/Incident Response Manager position at cFocus Software Incorporated?
cFocus Software seeks a SOC Lead/Incident Response Manager to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
- Minimum 8 years of cybersecurity experience with at least 3 years in SOC or Incident Response leadership.
- Demonstrated experience managing enterprise SOC operations and incident response programs.
- Strong knowledge of NIST SP 800-61, NIST SP 800-53, NIST SP 800-37, FISMA, and federal cybersecurity policies.
- Hands-on experience with SIEM, EDR, SOAR, threat intelligence platforms, and forensic tools.
- Experience managing incidents involving PII/PHI and regulatory reporting requirements.
- Ability to communicate complex technical issues to executive and non-technical audiences.
- Experience operating in a federal or highly regulated environment.
- Active CISSP, GCIA, GCIH, GCED, CISM, or CEH
- Lead and manage SOC and Incident Response operations in alignment with HRSA Incident Response Plans, SOC SOPs, playbooks, and workflows.
- Ensure compliance with NIST SP 800-61, FISMA, OMB, DHS CISA, HHS, and HRSA incident response requirements.
- Oversee incident triage, investigation, containment, remediation, and recovery activities within defined SLAs.
- Serve as primary escalation point for Critical and High severity incidents, including ransomware and PII/PHI breaches.
- Coordinate incident response activities with HRSA SOC, CSIRC, system owners, ISSOs, legal counsel, privacy officials, and leadership.
- Develop, maintain, and continuously improve SOC SOPs, incident response playbooks, workflows, and response guidelines.
- Manage incident communications, stakeholder notifications, and executive briefings during active incidents.
- Ensure timely incident reporting, forensic documentation, and post-incident reports.
- Lead threat hunting, IOC management, detection rule tuning, and SIEM correlation improvement activities.
- Oversee digital forensic investigations and ensure proper chain-of-custody handling.
- Monitor SOC tools and infrastructure health; coordinate upgrades, patches, and integrations.
- Support federal cyber exercises, tabletop exercises, and incident response drills.
- Ensure 24x7 on-call support coverage and adherence to response SLAs.
- Provide metrics, dashboards, and reports on SOC performance, incident trends, and threat intelligence.
- Identify opportunities for automation and efficiency improvements across SOC operations.