Security Operations Lead

At Accenture Federal Services, nothing matters more than helping the US federal government make the nation stronger and safer and life better for people. Our 13,000+ people are united in a shared purpose to pursue the limitless potential of technology and ingenuity for clients across defense, national security, public safety, civilian, and military health organizations. Join Accenture Federal Services, a technology company within global Accenture. Recognized as a Glassdoor Top 100 Best Place to Work, we offer a collaborative and caring community where you feel like you belong and are empowered to grow, learn and thrive through hands-on experience, certifications, industry training and more. Join us to drive positive, lasting change that moves missions and the government forward! Security Operations Lead (SOC Lead) Role Summary The Security Operations Lead will oversee all SOC functions and lead a blended team of SOC Analysts and Security Engineers to ensure rapid detection, investigation, and response to security threats. This role is responsible for driving threat hunting, leading major incidents, engineering detection capabilities, and maturing SOC operations to stay ahead of evolving adversary behaviors. The Lead acts as the central coordination point during security events and sets the strategic direction for the SOC to ensure continuous, mission-critical security coverage. Key Responsibilities SOC Leadership Operations Lead day‑to‑day SOC operations, including queue management, alert triage oversight, escalation handling, on‑call rotations, and daily situational reporting. Mentor and develop SOC analysts across tiers; refine SOPs, workflows, and response playbooks. Drive threat hunting activities focused on identifying patterns, outliers, and TTP‑aligned behaviors across host, network, email, and cloud logs. Oversee SIEM dashboarding, alert tuning, log source health, and rule/correlation development to strengthen detection depth. Coordinate with Security Engineering to ensure logging fidelity, sensor coverage, and integration of new technologies. Incident Response Lead the full lifecycle of incident response: identification, containment, eradication, recovery, forensics support, and post-incident reporting. Perform or direct deep-dive investigations using SIEM, NDR, EDR, packet analysis tools, and forensic artifacts. Provide expert investigative support for large-scale or complex incidents where technical detections may not be available. Guide analysts during high‑severity incidents and act as the primary interface with client leadership and internal stakeholders. Oversee threat intelligence intake and ensure IOCs, adversary behaviors, and campaign indicators are integrated into SOC detections. Detection Engineering Threat Analytics Develop and optimize SIEM correlation rules, dashboards, and monitoring logic. Enhance playbooks and automation pipelines to improve consistency and reduce analyst workload. Ensure ongoing alignment to evolving threat actor TTPs, including insider threat and APT-style behaviors. Integrate new data sources into SOC detection pipelines and validate alert efficacy. Required Qualifications: 8 years of cybersecurity experience, with 3+ years leading SOC or IR teams. Hands-on experience triaging alerts, logs, events, and incident artifacts across enterprise environments. Strong experience with one or more of the following technologies: SIEM (Splunk. Elastic etic), NDR (ExtraHop), EDR/XDR (Trellix), and packet analysis tools. Demonstrated ability to lead incident response for high-severity cybersecurity events. Preferred Qualifications: Advanced experience in threat hunting, analytics, and adversary behavior profiling. Certifications such as CISSP, GCIH, GCIA, GCED, CEH, or similar. Experience building SIEM/SOAR automations and custom detection content. Familiarity with malware triage, static/dynamic analysis, and IOC development. Experience leading SOCs supporting f ... (truncated, view full listing at source)