Cybersecurity Ops – Incident Response Manager
Coastal
full-time
Location Type: Remote
Location: United States
Salary
💰 $162,681 - $195,217 per year
About the role
- Stand up and lead a lean, highly efficient, and automation-driven Security and Threat Operations team, including hiring, coaching, and career development of analysts and engineers.
- Establish operating rhythms (standups, metrics reviews, post-incident retrospectives) and standard operating procedures for response, containment, eradication, and recovery.
- Build and maintain a Security and Threat Operations strategy in coordination with the CISO and other stakeholders, including software engineering, data engineering, and IT.
- Develop and report on KPIs and KRIs for the Security and Threat Operations function.
- Align SecOps processes to FFIEC/GLBA expectations and industry frameworks (NIST CSF and Cyber Risk Institute Profile).
- Prepare evidence for audits/exams; provide clear, actionable metrics and board-level reporting on SOC performance, incident trends, control coverage, and risk reduction.
- Partner with Legal, Compliance, Privacy, and Third-Party Risk on obligations and notifications.
- Coach analysts on analytical rigor, bias reduction, and structured investigations.
- Promote a blameless, learning-oriented culture that prizes speed, accuracy, and craftsmanship.
- Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high-fidelity detections across the entire technology landscape.
- Serve as incident response commander for high-severity incidents; coordinate cross-functional responders in Infrastructure, IT, Engineering, Legal, and Compliance.
- Build, maintain, and continuously improve standard operating procedures (SOPs), runbooks, and playbooks.
- Maintain and exercise incident response plans through tabletop and similar activities.
- Mature evidence handling, forensics workflows, and case management; ensure accurate timelines and regulator-ready documentation.
- Drive post-incident reviews with measurable corrective actions (people/process/technology) and executive readouts.
- Own the vulnerability management lifecycle, ensuring coverage of vulnerability discovery, triage, and management across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs.
Requirements
- Demonstrated success operating in hybrid environments spanning on-prem AD, Entra ID (Azure AD), Okta, Azure, Microsoft 365, Zscaler, and containerized workloads/APIs.
- Hands-on expertise with SIEM/SOAR, EDR, log pipelines, and detection content development including tuning and QA.
- Proven incident commander for high-impact events; adept with forensics, scoping, containment, and executive communication.
- Strong vulnerability management leadership across technology areas, including risk-based prioritization and remediation orchestration.
- Familiarity with MITRE ATT&CK, cyber kill chain, and threat-led validation (purple teaming).
- Experience managing outsourced SOC/MSSP providers with measurable improvements to signal quality and response times.
- Excellent communication skills—able to translate technical risks into business terms and influence across stakeholders.
- Familiarity with scripting or automation tools (e.g., Python, TypeScript) to streamline operations processes.
- 8+ years in Security Operations, Incident Response, Detection Engineering, or Threat Hunting.
- 3+ years leading teams or programs.
- Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience.
- Prior experience in a regulated environment (finance, healthcare, etc.) is strongly preferred.
Benefits
- Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
- Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
- Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
- Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
- Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
- Long-Term/Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
- Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
- 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
- Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
- Holidays: Enjoy 11 paid holidays throughout the year.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
SIEM, SOAR, EDR, forensics, vulnerability management, detection content development, scripting, automation, incident response, risk-based prioritization
Soft Skills
leadership, communication, analytical rigor, coaching, influence, collaboration, problem-solving, adaptability, blameless culture, learning-oriented mindset