Security Operations Center Manager

Neptune Technology Group Inc. is a technology company serving water utilities across North America. Since 1892, we have continually focused on the evolving needs of water utilities - revenue optimization, operational efficiencies, and improved customer service. With our portfolio of smart water meters, data collection systems and software, we make data actionable for our customers - so they can remain focused on the business of water. For additional information, please visit the company website at www.neptunetg.com.

Security Operations Center (SOC) Manager

Position Summary

Neptune is maturing a 24×7 cybersecurity program across a hybrid environment (on-prem, cloud, SaaS). We need a proactive leader to own Incident Response and SOC operations, manage SIEM performance, and ensure timely reporting to our parent company. This role is critical for reducing MTTD/MTTR, strengthening detection capabilities, and driving audit readiness.

Key Responsibilities:

Incident Response & Management

• Lead the full IR lifecycle: detection, triage (L2-L3), containment, eradication, recovery, and post-mortems
• Coordinate forensic investigations and run tabletop, blue/red/purple team exercises
• Maintain and execute documented playbooks for rapid response

Threat Detection & Monitoring

• Oversee 24×7 alerting and escalation model with MSSP and internal teams
• Implement anomaly detection and access monitoring across endpoints, networks, and cloud

SIEM & Security Logging

• Manage SIEM (Google SecOps/Chronicle) including detection engineering, log health, and tuning
• Develop repeatable SOAR playbooks and automation workflows

Identity & Access Management

• Ensure robust IAM lifecycle processes and enforce least privilege principles
• Integrate anomaly detection for identity-related threats

Threat Intelligence & Modeling

• Incorporate threat intelligence feeds into detection and response workflows
• Conduct threat modeling exercises to anticipate and mitigate risks

Security Automation & Orchestration

• Drive automation for repetitive tasks and incident workflows
• Optimize orchestration between SIEM, EDR, and SOAR platforms

Reporting & Metrics

• Own the incident reporting process to Neptune's parent company
• Deliver actionable metrics on detection, response, and operational performance

Secure Architecture & Zero Trust

• Partner with engineering to embed secure-by-design principles
• Implement zero trust segmentation and hardening based on incident learnings

Relevant Platforms (experience with several is expected):

• SIEM/SecOps: e.g. Google SecOps (Chronicle)
• EDR & Identity: e.g. CrowdStrike, Microsoft AD/Entra
• Network Security: e.g. FortiGate NGFW, FortiSASE
• Secure Browsing: e.g. Prisma
• Patching & Config: e.g. Automox
• Secrets Management: e.g. Keeper
• Asset Management: e.g. Axonius, Cyclops
• Email & Data Security: e.g. Mimecast, Microsoft Purview

Minimum Qualifications:

• Bachelor's degree (or international equivalent)
• 5+ years in Security Operations, including 3+ years leading IR/SecOps teams
• Hands-on experience with incident response, SIEM management, and threat hunting
• Strong understanding of NIST, ISO, SOC 2, MITRE ATT&CK, and zero trust principles
• Excellent communicator with experience in cross-functional coordination and executive reporting

Preferred Qualifications:

• CISSP or equivalent certification
• Cloud security experience (AWS, Azure, GCP)
• IAM lifecycle management
• Audit and compliance experience (SOC 2, SOX, etc.)

Travel Requirements: Typically requires overnight travel less than 10% of the time.

Location: Tallassee, AL, Duluth, GA

#HP1