Cybersecurity Services Practice Lead

About Us

Steel Root is a cybersecurity services company that specializes in compliance for the U.S. Defense Industrial Base. We’re a startup in high demand, looking for a Cybersecurity Services Practice Lead to manage and scale our co-managed SOC practice. We’re passionate about contributing daily to our positive culture, with a commitment to professional development and social responsibility. Steel Root serves a national client base from its headquarters in Salem, MA.

Job Description

The Cybersecurity Services Practice Lead is responsible for building, operating, and scaling our Managed Security suite of services. This is a player/coach role with the opportunity to build out a co-managed Security Operations Center to support company growth objectives. Steel Root partners with industry-leading vendors to co-manage monitoring and response capabilities for our customers. The ideal candidate is an experienced, hands-on SOC analyst who is passionate about best practices.

Responsibilities include:

  • Ongoing review of SIEM dashboards, endpoint detection and response (EDR) systems, and intrusion detection systems (IDS)
  • Develop and maintain standard operating procedures (SOPs) and response playbooks
  • Assist the IT Operations team in deploying services to new customers by configuring customer tenant containers, building installers, dashboards, custom policies, and integrations
  • Lead the triage and investigative process for cybersecurity incidents, summarizing events and incidents effectively to customer stakeholders (technical and non-technical)
  • Conduct vulnerability assessments of customer systems and environments
  • Hire, train, and manage a team of cybersecurity analysts to support growth expectations
  • Measure, monitor, and maintain team’s ability to meet or exceed Service Level Agreements (SLAs)

Relevant Platforms

Our Managed Security practice includes the following services (not a complete list). Experience with these specific vendors or platforms is preferred but not required:

  • SIEM (ELK stack, Azure Sentinel)
  • CrowdStrike Falcon
  • Zscaler
  • Cisco Umbrella
  • Endpoint security tools including application allowlisting, host-based firewall, and patch management

About You

You’re an experienced SOC analyst ready for the challenge of building out a managed security practice to support a growing client base. You’re skilled at configuring and monitoring security platforms, and while you like being involved in day-to-day monitoring and threat hunting, you’re excited about building repeatable processes and managing a team. You have strong feelings about zero trust, SecOps, and cloud-first as a security strategy. You know that you could do a better job than many of the MSSPs out there.


  • US citizenship
  • 8+ years of progressive experience in the IT field
  • 4+ years of hands-on experience as a SOC analyst, threat hunt, or similar role
  • Strong analytical skills and written/verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences
  • Experience configuring and managing cybersecurity technologies including SIEM, endpoint detection and response, IPS/IDS, vulnerability management software, identity and access management, and CASB solutions
  • Solid grasp of security incident handling best practices, OSINT, and forensics skills
  • Strong understanding of networking concepts and technologies
  • Experience mitigating threat vectors including malware, advanced persistent threat (APT), and DDoS
  • Enthusiasm about staying up to date on cybersecurity best practices, current vulnerabilities, attack trends, and countermeasures to effectively handle the responsibilities of this role
  • Evening and weekend hours are infrequent, but expected during critical incidents

Desired Characteristics

  • Experience building out new SOC or IR capabilities and/or managing a small team
  • Familiarity with security frameworks and standards such as CMMC, NIST 800-171, NIST CSF, CIS Controls, or MITRE ATT&CK
  • Knowledge of security-relevant Microsoft cloud services (Sentinel, MCAS, Intune, Azure AD Conditional Access, PIM/PAM, Security and Compliance Center)
  • Professional certifications such as CISSP, CEH, SANS GIAC, and Microsoft, Linux, networking, or related certifications
  • Bachelor’s degree or higher in technology, engineering, or related field


  • Competitive benefits package, including health, dental, 401(k), and cell phone stipend
  • Team Human work culture
  • Our customers make lasers and launch things into space
  • Work with wicked smaht teammates and hone your skills in one of the hottest niches in the cybersecurity market
  • Play with cool tech, work with customers that love us, and get in on the ground floor of a startup in growth mode

How to Apply

  1. Get to know us by reading about our services and the industries we serve, and follow us on social media (links in website footer, below).
  2. Then send your resume with cover letter to Every application is reviewed by a real human being.

Committed to Diversity

Steel Root is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.

This is a general description of the duties, responsibilities and qualifications required for this position. Physical, mental, sensory, or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Steel Root will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.