CYBERSECURITY ENGINEERING LEAD - 72003966
Requisition No: 871371
Agency: Management Services
Working Title: CYBERSECURITY ENGINEERING LEAD - 72003966
Pay Plan: SES
Position Number: 72003966
Salary: $100,000 - $125,000
Posting Closing Date: 03/17/2026
CYBERSECURITY ENGINEERING LEAD
SOC Team Lead
Florida Digital Service
State of Florida Department of Management Services
This position is located in Tallahassee, FL
The SOC Team Lead provides daily leadership, technical direction, and operational oversight for a team of Security Operations Center (SOC) Analysts who perform enterprise-wide cyber threat intelligence (CTI) and incident response (IR) activities. These teams are responsible for identifying, analyzing, and responding to cybersecurity threats impacting state and local government entities.
Each SOC Team Lead manages one of two analyst teams and must operate in close, continuous coordination with the other Team Lead and the SOC Manager. Decisions, process changes, or priorities affecting both teams are made collaboratively to ensure unified direction, consistent analytic standards, balanced workload distribution, and seamless operational coverage.
Key Responsibilities
Leadership and Coordination
• Lead and manage SOC Analysts performing threat intelligence, incident response, and related cybersecurity functions.
• Assign, prioritize, and monitor workload to ensure SOC coverage and timely completion of operational, project, and improvement tasks.
• Supervise analytic quality, mentor staff, and promote professional growth and accountability.
• Coordinate daily operations, staffing, and priorities with the other SOC Team Lead and the SOC Manager.
• Represent the SOC in briefings, interagency meetings, and enterprise coordination activities as assigned.
• Collaborate with other teams on cross-functional initiatives, maintaining awareness of and respect for their priorities and ensuring SOC contributions align with shared objectives.
Threat Intelligence and Incident Response Oversight
• Lead and participate in threat-hunting activities using enterprise telemetry, analytic queries, and intelligence sources to identify adversary activity and control gaps.
• Direct incident response support activities by validating findings, guiding investigative next steps, and supporting escalation decisions with technical justification.
• Direct the identification and validation of intelligence sources and oversee production of actionable threat reports, briefings, and recommendations.
• Translate threat intelligence into operational analytic guidance for analysts, including investigative focus areas and analytic priorities.
• Supervise threat hunting using a variety of telemetry and analytics platforms.
• Manage receipt, triage, and analysis of incident reports; ensure adherence to escalation timelines and notification procedures.
• Oversee situational awareness reporting, After-Action Report collection, and integration of lessons learned into SOC content and playbooks.
• Coordinate investigations and intelligence sharing with the Florida Department of Law Enforcement (FDLE) and other partners.
Documentation, Analysis, and Continuous Improvement
• Ensure complete and accurate case documentation for intelligence and incident response activities.
• Analyze historical incidents, IOCs, and TTPs to identify patterns, systemic weaknesses, and opportunities for improved defenses.
• Drive continuous improvement by refining queries, detection rules, SOPs, and response procedures.
• Contribute to SOC performance measurement, automation efforts, and maturity roadmap execution as directed.
*Other duties as assigned.
Knowledge, Skills, and Abilities
Knowledge
- Strong understanding of adversary tactics, techniques, and procedures and how they manifest across endpoint, network, identity, and cloud telemetry.
- Cybersecurity governance principles and how SOC workflows support organizational missions and enterprise security priorities.
- Cyber threat intelligence processes, the incident response lifecycle, and public-sector reporting and coordination requirements (including but not limited to s. 282.318, F.S., s. 282.3185, F.S.).
- SOC operational functions including monitoring and detection fundamentals, telemetry sources, analytics platforms, situational reporting, and case documentation standards.
- Cybersecurity policies, regulatory requirements, and statewide cybersecurity expectations applicable to FLDS, state agencies, and local governments (including s. 282.318, F.S., s. 282.3185, F.S., and Chapter 60GG-2, F.A.C.).
- Program and task management principles such as workload prioritization, scheduling, coordination, and use of operational metrics.
- Security architecture and engineering concepts sufficient to collaborate with Engineering and Enterprise Architecture teams and understand detection logic impacts.
- Automation, orchestration, and analytics concepts used to improve SOC workflows and response efficiency.
- Secure project management principles, including risk awareness, coordination of team inputs, and alignment with project timelines.
Skills
- Leading analysts through daily SOC operations, providing coaching, constructive feedback, and supporting a culture of accountability and continuous improvement.
- Independently performing and guiding complex investigations and threat-hunting activities.
- Coaching analysts through technical problem-solving, analytic reasoning, and investigative decision-making.
- Managing operational schedules and distributing workloads to maintain consistent coverage across threat intelligence, threat hunting, and incident response functions.
- Communicating operational impacts, threat insights, and incident details clearly to analysts, leadership, and partner teams.
- Coordinating cross-functional work with cybersecurity, IT, and partner teams while respecting the priorities and constraints of those teams.
- Establishing, maintaining, and improving SOC playbooks, SOPs, documentation standards, and operational workflows.
- Communicating technical findings clearly to analysts, SOC leadership, and partner teams without loss of analytic precision.
- Evaluating and improving detection and response effectiveness through validation, tuning, and feedback to engineering resources.
- Analyzing metrics, threat trends, indicators, and case data to identify gaps, recurring issues, and opportunities for improvement.
- Producing accurate, timely SOC work products, including threat intelligence summaries, incident documentation, situational awareness updates, and after-action inputs.
Abilities
- Direct analyst activities in alignment with enterprise cybersecurity strategy, SOC priorities, and evolving threat landscapes.
- Make sound operational decisions during triage and escalation, ensuring timely and coordinated incident handling.
- Build and maintain strong working relationships with the other SOC Team Lead, SOC Manager, analysts, and other cybersecurity stakeholders and mission partners.
- Drive team-level maturity initiatives that improve detection coverage, response quality, analytic consistency, and operational efficiency.
- Manage operational and project assignments from initiation through completion, ensuring team deliverables meet shared objectives and deadlines.
- Integrate lessons learned from incidents, after-action reports, and intelligence activities into refined detection logic, workflows, and procedures.
- Guide analysts through unfamiliar threats, tools, or analytic challenges using practical, experience-based instruction.
- Maintain team readiness by anticipating operational needs, identifying emerging threats, and adapting processes and assignments accordingly.
Minimum Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field; equivalent experience may be considered.
- 4+ years of hands-on experience performing SOC analyst duties, including alert triage, incident analysis, threat intelligence production, and threat hunting.
- At least 2 years demonstrated experience working directly with detection tools, including SIEM queries, correlation rules, dashboards, or detection content.
- At least 2 years of experience maintaining structured case documentation, producing written analytic products, and briefing technical or leadership audiences.
- Demonstrated hands-on experience conducting cyber threat intelligence analysis, incident investigation, and threat-hunting activities in a SOC environment.
- Experience serving as a technical lead, senior analyst, or mentor responsible for reviewing and guiding the analytic work of others.
- Relevant professional certifications preferred, such as CISSP, GCIH, GCTI, etc.
Other job-related requirements for this position:
- Ability to sit for extended periods of time. Ability to stand for extended periods of time. Ability to drive and/or fly long distances. Ability to lift, push, and pull up to 30 lbs.
- Criminal background investigation including fingerprinting and statewide and national criminal history records check per Section 110.1127 Florida Statutes, Chapter 435 Florida Statutes and the Federal Bureau of Investigation’s CJIS Security Policy CJISD-ITS-DOC-08140.
Our Organization and Mission:
Under the direction of Governor Ron DeSantis, Interim Secretary Tom Berger and DMS’ Executive Leadership Team, the Florida Department of Management Services (DMS) is a customer-oriented agency with a broad portfolio that includes the efficient use and management of real estate, procurement, human resources, group insurance, retirement, telecommunications, fleet, and federal property assistance programs used throughout Florida’s state government. It is against this backdrop that DMS strives to demonstrate its motto, “We serve those who serve Florida.”
Special Notes:
DMS is committed to successfully recruiting and onboarding talented and skilled individuals into its workforce. We recognize the extensive training, experience, and transferable skills that veterans and individuals with disabilities bring to the workforce. Veterans and individuals with disabilities are encouraged to contact our recruiter for guidance and answers to questions through the following email addresses:
DMS.Ability@dms.myflorida.com
DMS.Veterans@dms.myflorida.com
An individual with a disability is qualified if he or she satisfies the skills, experience, and other job-related requirements for a position and can perform the essential functions of the position with or without reasonable accommodation. Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must contact the DMS Human Resources (HR) Office at (850) 488-2707. DMS requests that applicants notify HR in advance to allow sufficient time to provide the accommodation.
Pursuant to F.S. 215.422, every officer or employee who is responsible for the approval or processing of vendors’ invoices or distribution of warrants to vendors is mandated to process, resolve, and comply as section 215.422 requires.
The State of Florida is an Equal Opportunity Employer/Affirmative Action Employer, and does not tolerate discrimination or violence in the workplace.
Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center (1-866-663-4735). Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation.
The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section 112.0455, F.S., Drug-Free Workplace Act.
TALLAHASSEE, FL, US, 32399