SOC Analyst-Tier 3 Shift Lead (R-00124) at Truezerotech

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that those outcomes begin and end with our people, and that is what we have built a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top-tier services to our customers. Our culture and commitment have been recognized through numerous accolades, including being named one of the Best Places to Work in 2023 in two categories (“Prosperous and Thriving” ($5MM–$50MM in gross revenue) and “Mid-Atlantic Region” (DC, DE, MD, NC, VA, WV)), and again in 2025 as a Best Places to Work honoree. In addition, True Zero earned coveted spots on the Inc. 5000 list of fastest-growing companies in America in 2022, 2023, and 2025, a testament to our sustained growth driven by our people-first approach and unwavering dedication to excellence. Job Responsibilities • Supervise and mentor SOC Analysts • Assign and balance workload across analysts and shifts • Monitor queue health, SLA compliance, and alert backlog • Conduct regular performance check-ins • Address quality gaps and provide corrective guidance • Reinforce adherence to documented playbooks and procedures • Primary Focus: Ensure consistent and effective analyst performance. • Hands-On Monitoring & Investigation • Perform daily alert triage alongside SOC Analysts • Conduct investigations on moderate to high-severity alerts • Lead or directly support complex or multi-system investigations • Validate alert classifications and case documentation • Participate in shift coverage as needed • Primary Focus: Maintain technical engagement and operational credibility. • Serve as the first escalation point for analysts • Lead investigations for high-severity incidents • Coordinate response actions with internal stakeholders • Ensure timely and accurate communication during incidents • Drive investigations to clear, defensible conclusions • Primary Focus: Maintain operational control during critical events. • Investigation Quality & Case Governance • Review analyst investigations for accuracy and completeness • Approve or return cases prior to closure • Ensure proper evidence collection and timeline documentation • Enforce consistent tagging, classification, and case hygiene • Primary Focus: Protect the integrity of SOC output. • Process & Continuous Improvement • Maintain and update SOC playbooks and workflows • Identify inefficiencies in monitoring or case handling • Provide feedback on alert tuning and automation improvements • Capture and integrate lessons learned • Stakeholder Coordination • Respond to formal information requests within defined SLAs • Serve as liaison between SOC analysts and leadership • Support audits, reporting, and compliance requirements • Participate in shift handoffs and operational planning • Primary Focus: Maintain trust and communication across teams. • Workload Segmentation (Approximate) • 30% – Direct Monitoring & Investigation Work • 25% – Escalation & High-Severity Incident Leadership • 20% – Team Management & Performance Oversight • 15% – Investigation Quality Review & Case Governance • 10% – Process Improvement & Documentation • Percentages may shift during major incidents or staffing changes. Job Qualifications • Onsite is required • Prior experience as a SOC Analyst or Senior Analyst • Demonstrated ability to lead or coordinate investigations • Experience mentoring or supervising analysts • Strong knowledge of: SIEM platforms (Splunk or equivalent) EDR tools, Network, authentication, and endpoint telemetry • Strong documentation and communication skills • Ability to make sound decisions in time-sensitive situations • CompTIA Security+ or CySA+ (or equivalent) • Experience in incident response or threat hunting • Familiarity with NIST, CIS, CJIS, or similar frameworks • Experience with case management multiple platforms • Scripting/query experience (SPL, KQL, SQL, Python) • Experience in regulated or government environments • GCIH, GCIA, GCED or equivalent • Core Competencies include: Technical leadership, operational accountability, coaching and mentorship, analytical problem-solving, process discipline, clear written and verbal communication, ability to lead under pressure • Role Notes: • This is both a management and technical role. • The Team Lead is expected to maintain hands-on investigative capability. • Operational response takes priority during active incidents. • Decisions made in accordance with approved documentation are supported. • The Team Lead is accountable for team output, not just individual cases. • This role serves as the primary contact point with state wide cybersecurity collaboration. • Managing weekend coverage may be necessary. We’re actively searching for talented security and technology practitioners who are ready to experience the True Zero difference. As a True Zero team member, you'll enjoy: - Competitive salary, paid twice per month - Best in class medical coverage - 100% of medical premiums covered by True Zero - Company wide new business incentive programs - Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.) - 3 weeks of PTO starting + 11 Paid Holidays Annually - 401k Program with 100% company match on the first 4% - Monthly reimbursement of Cell Phone and Home Internet costs - Paternity/Maternity Leave - Investment in training and certifications to broaden and deepen your technical skills