Salary
💰 $162,681 - $200,000 per year
Tech Stack
Azure, Cloud, Cyber Security, JavaScript, MacOS, Python, TypeScript
About the role
- Build and run Coastal’s 24×7 Security and Threat Operations capability across hybrid on‑prem and cloud environments
- Stand up and lead a lean, automation-driven Security and Threat Operations team including hiring, coaching, and career development
- Establish operating rhythms (standups, metrics reviews, post-incident retrospectives) and SOPs for response, containment, eradication, and recovery
- Build and maintain Security and Threat Operations strategy with the CISO and stakeholders; develop and report KPIs and KRIs
- Align SecOps processes to FFIEC/GLBA and industry frameworks (NIST CSF, Cyber Risk Institute Profile); prepare audit/exam evidence and board-level reporting
- Coach analysts on analytical rigor, bias reduction, and structured investigations; promote a blameless, learning-oriented culture
- Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high-fidelity detections across AD, Entra ID, Okta, Azure, Zscaler, endpoints, M365, SaaS, Azure IaaS/PaaS, custom APIs, banking core, and financial systems
- Coordinate with Engineering and IT to build detection engineering into the SDLC; develop, test, and maintain detection content (KQL/Sigma), alert routing, and enrichment
- Integrate threat intelligence into detections and response workflows
- Serve as incident response commander for high-severity incidents; coordinate cross-functional responders and maintain/exercise incident response plans, runbooks, and playbooks
- Mature evidence handling, forensics workflows, and case management; ensure regulator-ready documentation and drive post-incident reviews with measurable corrective actions
- Own vulnerability and exposure management lifecycle across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs; prioritize remediation using risk-based scoring and exploit intelligence
- Track configuration and identity hygiene (privileged accounts, conditional access, MFA coverage, device compliance) and partner with owners to close gaps
- Build and mature threat hunting and purple team functions
- Lead day-to-day oversight of third-party SOC/MSSP: queue hygiene, case quality, SLAs, runbook adherence, tuning, tooling integrations, data retention, and access compliance
Requirements
- 8+ years in Security Operations, Incident Response, Detection Engineering, or Threat Hunting
- 3+ years leading teams or programs
- Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience
- Demonstrated success operating in hybrid environments spanning on-prem AD, Entra ID (Azure AD), Okta, Azure, Microsoft 365, Zscaler, and containerized workloads/APIs
- Hands-on expertise with SIEM/SOAR, EDR, log pipelines, and detection content development including tuning and QA
- Proven incident commander for high-impact events; adept with forensics, scoping, containment, and executive communication
- Strong vulnerability management leadership across technology areas, including risk-based prioritization and remediation orchestration
- Familiarity with MITRE ATT&CK, cyber kill chain, and threat-led validation (purple teaming)
- Experience managing outsourced SOC/MSSP providers with measurable improvements to signal quality and response times
- Excellent communication skills—able to translate technical risks into business terms and influence across stakeholders
- Familiarity with scripting or automation tools (e.g., Python, TypeScript)
- Prior experience in a regulated environment (finance, healthcare, etc.) is strongly preferred