You will report to the VP, Information Security.
Own the execution and continuous improvement of Aya Healthcare’s enterprise Security Operations program.
Lead a blended security operations model combining internal analysts, nearshore/offshore resources, and managed service providers.
Establish clear operating models, escalation paths, staffing coverage expectations, and accountability across all SecOps resources.
Serve as the primary owner of ServiceNow Security Incident Response (SIR) workflows, data models, and operating procedures.
Design, implement, and continuously improve SIR playbooks to automate triage, enrichment, containment, and response actions.
Drive automation that reduces manual analyst effort and improves MTTD, MTTR, and MTTC through standardized playbook execution.
Ensure incidents are consistently triaged, investigated, documented, and remediated using ServiceNow SIR.
Oversee detection and response capabilities across EDR and SIEM platforms, ensuring high‑quality signal ingestion and routing into SIR.
Operate confidently across Microsoft Azure security capabilities available through Microsoft E5 environments (e.g., Defender, Sentinel).
Define, track, and improve MTTx metrics, using data to prioritize automation and process improvements.
Lead post‑incident reviews and ensure lessons learned translate into improved detections, playbooks, and response procedures.
Manage, coach, and develop security operations personnel while fostering a high‑energy, accountable team culture.
Act as a trusted escalation point during security incidents and clearly communicate operational risk and response status to leadership.

Requirements

5+ years of experience in Security Operations, Incident Response, or SOC‑related roles.
2+ years of direct experience managing and operating ServiceNow Security Incident Response (SIR), including workflow ownership and playbook design.
Demonstrated experience designing or operating incident response automation and playbooks within SIR or SOAR‑like platforms.
Hands‑on experience integrating EDR platforms (e.g., Microsoft Defender and/or CrowdStrike Falcon) with ServiceNow SIR.
Strong experience operating and managing EDR and SIEM solutions in an enterprise environment.
Strong hands‑on experience with Microsoft Azure security solutions, including capabilities available through Microsoft E5 subscriptions.
Demonstrated experience managing and improving MTTx metrics (e.g., MTTD, MTTR) to drive operational change.
Proven experience leading security operations teams, including internal staff and external service providers.
Strong incident leadership, communication, and decision‑making skills with the ability to influence across teams.

Benefits

Free premium medical, dental, life and vision insurance
Generous 401(k) match
Aya also offers other benefits to those that are eligible and where required by applicable law, including reimbursements and discretionary bonuses
Aya provides paid sick leave in accordance with all applicable state, federal, and local laws. Aya’s general sick leave policy is that employees accrue one hour of paid sick leave for every 30 hours worked. However, to the extent any provisions of the statement above conflict with any applicable paid sick leave laws, the applicable paid sick leave laws are controlling
Celebrations! We hit our goals and reward ourselves.
Company-sponsored virtual events, happy hours and team-building activities are always on the horizon — plus, you get a special treat on your birthday!
Unlimited DTO — we believe in time off!
Virtual yoga, meditation or boot camp classes offered daily

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Security OperationsIncident ResponseServiceNow Security Incident ResponseEDR platformsSIEM solutionsincident response automationplaybook designMTTx metricsMicrosoft Azure security solutionsautomation

Soft Skills

leadershipcommunicationdecision-makingteam managementcoachingaccountabilityoperational risk managementinfluence