SOC Manager (IT Cyber Security Manager 2)

Now Hiring, Apply Today! SOC Manager (IT Cyber Security Manager 2)

Enterprise Information Services (EIS) is a state government-wide information technology (IT) organization led by Oregon’s State Chief Information Officer (CIO). The Cyber Security Services (“CSS”) is an information security management section within EIS. CSS’s mission: Leading Oregon Government to safeguard the State’s information resources. CSS is comprised of the following units: Governance Risk and Compliance, Enterprise Security Architecture, Network Security, and Security Operations Center (SOC).

What You’ll Do

As the SOC Manager, you will be at the center of Oregon’s cyber defense, the heartbeat of the enterprise, leading the day-to-day operations of the State of Oregon’s Security Operations Center and ensuring continuous monitoring, detection, analysis, and response to threats that impact enterprise (State of Oregon) systems and critical public services. You will guide and grow an extremely talented team of SOC analysts, maintain 24x7 readiness, and make sure the tools, workflows, playbooks, and escalation paths are not just documented, but tested and battle-ready. You will turn strategy into action, translate the SOC Director’s vision and enterprise direction into operational excellence, and lead the charge during high-impact incidents where clear thinking, calm leadership, and teamwork matter most. Working side-by-side with Network, Endpoint, Cloud, Vulnerability, and agency partners across the state, you will help coordinate response, protect Oregonians’ data, and continuously strengthen our security posture. This is a role for a leader who thrives in fast-moving environments, loves developing people, and wants to make a real, visible impact—every day—on the security and resilience of the State of Oregon.

For a full review of the position duties, details, and working conditions, please click here.

This Is What You Need to Qualify

• Six years of supervision, management, or progressively related experience*; OR

• Three years of related* experience and a bachelor's degree in a related* field.

*Related qualifying information systems experience in: Microsoft Defender for Endpoint, Identity, Office 365, and Cloud Apps, Attack surface reduction (ASR), device timeline, evidence & response actions, Live response sessions and EDR forensics;  Qualifying Bachelor degree in Information Technology, Computer Science, or closely related field.

The ideal candidate will possess the following desired skills and attributes:

• A strong foundation in cybersecurity operations, with the ability to understand, oversee, and guide threat detection, incident response, vulnerability management, and security monitoring across on-premises, cloud, and hybrid environments.

• Operational fluency with modern SOC technologies and workflows, including SIEM, EDR/XDR, log management, alerting, case management, and investigation platforms, with the ability to ask the right questions, challenge assumptions, and make informed decisions when not hands-on in the tools.

• The mindset of a cyber operations leader, able to direct investigations, validate analyst conclusions, prioritize response actions, and ensure incidents are managed effectively from triage through recovery.

• A deep understanding of how enterprise identity, endpoints, networks, cloud services, and security controls interconnect, and how attackers move across them, utilizing the MITRE Att&ck Methods.

• Proven ability to build, mentor, and sustain high-performing SOC teams, fostering trust, accountability, resilience, and calm leadership in high-pressure, 24x7 environments.

• The judgment to balance risk, impact, and operational tempo, ensuring the right resources are focused on the most critical threats and that staff are supported and not burned out.

• The ability to evaluate and improve SOC processes, playbooks, tooling, and staffing models, turning gaps and lessons learned into practical operational improvements.

• Strong communication and leadership presence, with the ability to translate technical realities into clear guidance for executives, agency partners, and incident commanders.

• Experience coordinating complex incident response efforts across multiple teams, agencies, and external partners, bringing clarity, structure, and confidence during major events.

• Extensive experience (typically 7+ years in cybersecurity, including leadership or senior operational roles within a SOC, IR, or security operations environment).

• Familiarity with security frameworks and best practices (NIST CSF, incident response lifecycle, MITRE ATT&CK) and how to apply them at an operational and programmatic level.

Preference Statement

Preference will be given to candidates with one or more of the following certifications: CISSP: (Certified Information Systems Security Professional), SC-200: Microsoft Security Operations Analyst, SC-100: Cybersecurity Architect, AZ-500: Azure Security Engineer,  CompTIA CySA+ or Security+ ,  GIAC (GCIA, GCIH, GMON) for advanced threat hunting.

How to Apply

• Click on the "Apply" link above to complete your online application and submit by the posted closing date and time. For step-by-step instructions click apply to work for the state or current state employee.

• Required Documents: cover letter and resume

• The work experience and/or education section of your application must clearly demonstrate how you meet all the minimum qualifications and desired skills and attributes listed above. Your cover letter should address your skills supporting an enterprise level environment.  Failing to attach required documents may result in disqualification of your application.

• The State of Oregon does not request or require your age, date of birth, attendance or graduation dates from an educational institution during the application process. 

• Be sure to check Workday and your email for additional tasks and updates. After hitting submit there may be additional required tasks for you to complete prior to the announcement closing. Please save a copy of this job announcement for reference, as it is not available for you to view after the announcement deadline.

• If you are requesting Veteran’s Preference, you will receive a Workday task to submit your supporting documents.  Be sure to submit your documentation prior to the close date of this posting in order to have the preference considered. Click on the following link for additional information on Veterans’ Preference.

Benefits of Joining Our Team

The Department of Administrative Services (DAS) Team strives to create an environment that is supportive and encourages work-life balance and innovation. The EIS team is built on collaboration and support. We work together to ensure our customer agencies receive the highest quality of service. We take pride in our work and look for ways to innovate. EIS is committed to hiring highly skilled, diverse and dedicated employees who will bring a unique skill set to the team.

Our amazing benefits include: 

• Comprehensive Health Coverage: Low-cost medical, vision, and dental plans for you and your family. Additional benefits include life insurance, short- and long-term disability, deferred compensation savings plans, and flexible spending accounts for health and childcare.  Optional benefits including life insurance, disability, FSA, and more

• Generous Paid Time Off: 11 holidays, 3 personal business days, monthly sick leave and vacation leave that increases with years of service. 

• Career Development: Opportunities for professional growth and advancement. 

• Get There - Oregon’s easy-to-use carpool matching tool and trip planner. 

• Public Service Loan Forgiveness: You may qualify for the PSLF program.

• Hybrid Work Opportunity: This position supports a hybrid work schedule. You can expect to work in the office 1 day per week, with work arrangements periodically reviewed to ensure business needs are met.

Additional Details

• This announcement is for one, full-time, permanent, Management Service- Supervisory, SOC Manager (IT Cyber Security Manager 2) position and may be used to fill future vacancies.

• The salary listed is the non-PERS qualifying salary range. If the successful candidate is PERS qualifying, the salary range will reflect an additional 6.95%.

• Review the Classification and Compensation page for more details on the classification, or you may visit our website for information on the job offer process following pay equity.

• Applicants must be authorized to work in the United States. Applicants who require VISA sponsorship will not be considered at this time.

• Employee will be required to possess and maintain a valid driver’s license issued by the state where the employee resides or provide an acceptable alternate form of transportation.

• Employee is required to obtain and maintain CJIS clearance.

• Finalists will be subject to a computerized criminal history check. Adverse background data may be grounds for immediate disqualification.

• If you need an application in an alternate format in order to complete the process or for accommodation requests under the Americans with Disabilities Act (ADA), you may contact the Recruiter, Nancy Karnas at: nancy.karnas@das.oregon.gov   | 971-719-3083.

Helpful Links & Resources

How to Set Job Alerts | Workday Applicant FAQ | What You Need to Know to Get the Job

Oregon Job Opportunities Webpage | Classification and Compensation | Pay Equity

Come for a job. | Stay for a career. | Make a difference... for a lifetime!

The Department of Administrative Services is an Equal Opportunity, Affirmative Action Employer Committed to Workforce Diversity. At the Department of Administrative Services, we embody the value of hiring a workforce representative of the communities we serve, understanding that a diverse workforce revitalizes our state. We value diversity and foster a positive and welcoming environment where all employees can thrive.