Security Operations Manager
Apollo.io
full-time
Location Type: Remote
Location: Poland
About the role
- Own and continuously improve end-to-end Security Operations processes, including detection, investigation, escalation, response, and post-incident activities.
- Act as senior incident leader for high-severity incidents, ensuring timely containment, calm and structured decision-making, and clear stakeholder communication.
- Lead and participate in complex security investigations spanning cloud infrastructure, SaaS platforms, corporate systems, user behavior, and abuse scenarios.
- Ensure high-quality post-incident reviews with clear root cause analysis, actionable remediation, and accountability for follow-through.
- Define and evolve SIEM strategy, including log source onboarding, detection use cases, alert tuning, data quality standards, and coverage validation.
- Oversee creation and maintenance of detection logic, correlation rules, investigation playbooks, and response workflows.
- Drive automation and orchestration initiatives to reduce manual effort and accelerate triage and response.
- Champion the use of AI-assisted tools and techniques to expedite investigation, enrichment, decision-making, and response.
- Build, lead, and retain a high-performing Security Operations team in a fully remote, distributed environment.
- Foster a culture of trust, psychological safety, operational excellence, and continuous learning.
- Provide clear expectations, regular feedback, and coaching aligned with individual strengths and career aspirations.
- Establish and maintain clear career growth paths, helping engineers develop technical depth, operational ownership, and leadership capabilities.
- Support onboarding, mentorship, documentation, and knowledge-sharing practices to strengthen team resilience and reduce single points of failure.
- Partner closely with Engineering, IT, Fraud, Legal, People, Support, and Product teams during investigations, incidents, and improvement initiatives.
- Collaborate deeply with Fraud teams on abuse, account compromise, automation misuse, and anomalous behavior investigations.
- Communicate security risk, incident impact, and remediation plans clearly to both technical and non-technical stakeholders.
- Define, track, and improve operational security metrics such as detection quality, investigation effectiveness, response outcomes, and incident trends.
- Translate business risk and platform changes into actionable operational priorities and roadmap initiatives.
- Contribute to the long-term Security Operations strategy for a cloud-native, SaaS-first platform, with GCP as the primary cloud environment.
Requirements
- 7+ years of experience in Security Operations, Incident Response, or Security Engineering.
- 3+ years of people management experience, including hiring, coaching, and performance management, ideally in a remote-first environment.
- Strong hands-on experience with SIEM platforms (experience with Panther is highly valued), detection engineering, log analysis, and security investigations.
- Experience designing and automating security workflows and response processes.
- Experience with cloud-native platforms (GCP preferred; AWS and Azure also relevant) and SaaS applications.
- Proficiency in Python for automation, analysis, and tooling; familiarity with Ruby is a plus.
- Excellent written and verbal communication, leadership, and stakeholder management skills.
Benefits
- Health insurance
- Remote work options
- Professional development opportunities
- Paid time off
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
Security Operations, Incident Response, Security Engineering, SIEM, Detection Engineering, Log Analysis, Automation, Python, GCP, SaaS
Soft skills
Leadership, Communication, Coaching, Stakeholder Management, Decision-Making, Team Building, Mentorship, Feedback, Trust, Continuous Learning