About The Position

We're hiring a Corporate Security Operations Manager to lead our Corporate Security Operations team. This is a strategic role focused on the security posture of the Corporate IT environment. You'll report to our Director of Corporate IT & Security and work closely with the Corporate Security Engineering team and GRC team.

This role blends hands-on security operations leadership with program-level ownership of detection strategy, monitoring quality, and operational maturity—balancing day-to-day oversight of analysts and threat hunters with long-term improvements in tooling, automation, and measurable risk reduction. You'll help ensure the corporate environment and commercial Onebrief infrastructure are continuously monitored with clarity and purpose, strengthen detection coverage and signal quality, support incident investigations with disciplined operational execution, and provide leadership with clear, defensible insight into our security posture.

We’re looking for someone who is a steady, experienced security operations leader who can build and run a high-performing corporate monitoring and detection function—someone with strong technical fluency, sound operational judgment, and the ability to support incidents effectively. You know how to improve signal quality, drive measurable detection coverage, and ensure your team delivers consistent, reliable monitoring that leadership and compliance stakeholders can trust.

You are an experienced security operations leader who understands that effective monitoring is about clarity, consistency, and measurable outcomes—not just alert volume. You have led analysts or detection engineers before and know how to build accountability without creating friction. You are comfortable improving processes, tuning detections, and raising operational standards while keeping your team focused on high-signal work. You think in terms of coverage, quality, and maturity. You understand how SIEM, EDR, identity telemetry, and SaaS logs work together to provide visibility across an enterprise. You know how to translate operational metrics into meaningful insight for leadership and compliance stakeholders.

You are steady under pressure, thoughtful in your decision-making, and disciplined about documentation and follow-through. You value structure, continuous improvement, and defensible evidence. You understand how corporate monitoring supports frameworks like CMMC 2.0 and NIST 800-53, and you take pride in running an operation that is reliable, audit-ready, and aligned to organizational risk tolerance.

Requirements

  • 5–8+ years of experience in security operations, detection engineering, or incident response, with at least 2+ years leading analysts or technical security teams
  • Hands-on experience with SIEM and EDR platforms, including alert tuning, dashboard creation, and detection optimization
  • Demonstrated ability to improve monitoring quality by reducing false positives and increasing meaningful detection coverage
  • Experience defining and tracking operational metrics (e.g., MTTD, MTTR, alert fidelity, detection coverage) and presenting results to leadership
  • Strong understanding of enterprise logging across endpoints, identity providers, SaaS platforms, and cloud environments
  • Familiarity with regulated environments (e.g., CMMC 2.0, NIST 800-53, SOC 2, or similar frameworks) and the role monitoring plays in audit defensibility
  • Experience supporting incident investigations in coordination with internal stakeholders and external DFIR partners
  • Proven ability to build structured workflows, documentation standards, and repeatable operational processes
  • Strong communication skills with the ability to translate technical operational data into clear risk narratives
  • Sound judgment, steady leadership presence, and the ability to balance operational execution with long-term program improvement

Responsibilities

  • Own the strategy and maturity roadmap for corporate monitoring, detection engineering, and operational security metrics. Define logging standards, detection coverage expectations, and measurable performance indicators for the team.
  • Lead and develop Corporate Security Operations Analysts and the Corporate Threat Hunter & Detection Analyst through coaching, clear performance expectations, and structured feedback. Remove blockers, improve workflows, and ensure the team is focused on high-impact work.
  • Continuously improve alert quality, detection coverage, triage workflows, and operational automation. Reduce false positives, strengthen telemetry visibility across corporate SaaS and infrastructure, and ensure monitoring outputs are accurate and defensible.
  • Partner with Security Engineering, IT, Compliance, and leadership to ensure monitoring supports configuration baselines, vulnerability management efforts, and regulatory commitments. Provide clear, actionable insight during investigations and ongoing risk discussions.
  • Establish consistent operational rhythms for reporting, detection reviews, and after-action analysis. Maintain structured documentation, metric reporting, and continuous improvement processes that strengthen operational maturity over time.
  • Act as the operational owner of corporate security monitoring and detection capabilities, ensuring consistent and effective oversight of enterprise telemetry.
  • Ensure protection of the confidentiality, integrity, and availability of corporate systems and data through continuous monitoring and validated detection coverage.
  • Ensure privacy-impacting security events are identified, documented, and escalated in coordination with Legal, Compliance, and executive leadership.
  • Ensure logs, alerts, investigative artifacts, and operational metrics are accurate, access-controlled, and retained in accordance with policy and regulatory requirements.
  • Enforce principles of least privilege, segregation of duties, and monitoring of privileged activity within corporate systems.
  • Ensure analysts follow established data handling, evidence preservation, and documentation standards during investigations.
  • Participate in risk evaluation and escalation discussions, providing operational insight into detection gaps or control weaknesses.
  • Maintain alignment between corporate security operations, regulatory commitments (e.g., CMMC 2.0, NIST 800-53), and organizational privacy obligations.