Staff SOC Manager - Aurora Technical Operations Center bei Aurora Innovation

Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all. We’re searching for a Staff SOC Manager - Aurora Technical Operations Center.

Aurora’s Technical Operation Center serves as a 24x7 comprehensive technical support center spanning the entire enterprise.

Our team is responsible for: 

• 24/7 security monitoring, alert management, security tool administration, threat intelligence integration, forensic support for incidents, performance reporting.
• Service onboarding, creating and refining runbooks for incident response and routine operations, developing automation scripts for common alerts and tasks.
• Network health monitoring, incident detection, first-level troubleshooting, escalation to engineering teams, performance reporting.

In this role, you will

• Lead, mentor, and develop a team of SOC analysts (Tier 1, 2), engineers, and/or specialists. Develop and manage 24x7 team schedules, on-call rotations, and resource allocation to ensure continuous coverage for cyber security, production security, and network operations.
• Conduct performance reviews, provide regular feedback, and support professional growth. Foster a culture of continuous improvement, learning, and collaboration within the SOC/NOC.

• Oversee 24/7 security monitoring, incident detection, and analysis, spanning cybersecurity threats, production security product support, and network operational alerts.
• Drive timely, end-to-end incident response efforts from detection to resolution, ensuring timely containment, eradication, recovery, and post-incident analysis for cyber security, production security, and network events.
• Develop, refine, and enforce SOC/NOC playbooks, standard operating procedures (SOPs), runbooks, and training for security incidents and network operational issues.
• Ensure effective use of security tools (SIEM, EDR, SOAR, Vulnerability Scanners, etc.) for threat detection and response, and operational monitoring tools for network health
• Conduct regular threat hunting exercises to proactively identify sophisticated threats.

• Identify and implement improvements to SOC processes, tools, and technologies across security and network operations.
• Develop, report on, and improve key performance indicators (KPIs), telemetry coverage, and alert fidelity.
• Manage the monitoring and triage of tickets for the Security Software Engineering team, providing initial response and escalations as needed.
• Support network operations by overseeing monitoring, triage, and initial response to network-related alerts and incidents.

• Communicate effectively with internal stakeholders, including IT, engineering, legal, operations, and executive leadership regarding security incidents and posture.
• Collaborate with other security and network operations teams to enhance overall security posture and system reliability.
• Participate in internal and external audits as required. 
• Other duties as assigned.

Required Qualifications

• 10+ years of experience in cybersecurity, with at least 5+ years in a leadership or management role for a security engineering or operations team.
• Demonstrated experience building and leading 24x7 security operations teams, including Tier 1, 2, and 3 capabilities.
• Experience as a lead in a Security Operations program.
• Extensive experience with cybersecurity incident response investigations and management.
• Strong experience triaging and investigating cybersecurity alerts.
• Proficiency with SIEM, EDR and log analysis.
• Experience developing tools to optimize and automate response processes.
• Exceptional communication and stakeholder management skills with proven ability to communicate clearly with all leadership levels.
• Familiarity with various operating systems (Windows, Linux, macOS) and network protocols.
• Familiarity with NIST, CSF, MITRE ATT&CK, and cyber threat modeling.
• Experience with cloud security, identity security, and identity monitoring.
• Proven track record of improving SOC efficiency and maturity.
• Comfort leading in an ambiguous, teamwork-oriented environment.
• Strong leadership, communication, and interpersonal skills.
• Ability to work effectively under pressure in a fast-paced environment.

Desirable Qualifications 

• Experience with network operations monitoring and triage.
• Experience providing support for Security Software Engineering teams, particularly in ticket monitoring and triage. 
• Experience with cloud security (AWS).
• Experience with Python.
• Experience with big data tools and methodologies (e.g. SQL and data warehouse technology)
• Experience working with auditd, sysmon, kprobe, ebpf, or similar low level data collection frameworks
• Experience with Kubernetes, CI/CD pipelines and DevOps principles.
• Familiarity with systems architecture, distributed systems, and microservices.
• Experience with performance monitoring, capacity planning, and scalability.

The base salary range for this position is $220,000.00-$352,000.00 per year.  Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.

#LI-DW1

#Mid-Senior