Security Operations Center

The way I'm going to portray the Security Operations Center (SOC) may run counter to what you currently have in place. This is only because, at an SMB, everything regarding cyber/information security falls under the SOC.

So let's set a baseline of some basic parameters so we are all on the same page:

  • The SOC will be viewed from the Tactical level
  • Capabilities of the SOC will be viewed at the Operational level
  • Some basic security teams are:
    • InfoSec governance enforcement
    • Vulnerability discovery and detection
    • Threat management
    • Threat intelligence
    • Security configuration baseline management
    • Incident response/blue team
    • Red team
    • Security state analysis/continuous monitoring
    • Application security

These basic teams are what I would consider the security stack.
