Cybersecurity Ops & Incident Response Manager

About The Position

Requirements

• Demonstrated success operating in hybrid environments spanning on-prem AD, Entra ID (Azure AD), Okta, Azure, Microsoft 365, Zscaler, and containerized workloads/APIs.
• Hands-on expertise with SIEM/SOAR, EDR, log pipelines, and detection content development including tuning and QA.
• Proven incident commander for high-impact events; adept with forensics, scoping, containment, and executive communication.
• Strong vulnerability management leadership across technology areas, including risk-based prioritization and remediation orchestration.
• Familiarity with MITRE ATT&CK, cyber kill chain, and threat-led validation (purple teaming).
• Experience managing outsourced SOC/MSSP providers with measurable improvements to signal quality and response times.
• Excellent communication skills—able to translate technical risks into business terms and influence across stakeholders.
• Familiarity with scripting or automation tools (e.g., Python, TypeScript) to streamline operations processes.
• 8+ years in Security Operations, Incident Response, Detection Engineering, or Threat Hunting.
• 3+ years leading teams or programs.
• Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience.

Nice To Haves

• Prior experience in a regulated environment (finance, healthcare, etc.) is strongly preferred.

Responsibilities

• Security and Threat Operations Leadership
• Stand up and lead a lean, highly efficient, and automation-driven Security and Threat Operations team, including hiring, coaching, and career development of analysts and engineers.
• Establish operating rhythms (standups, metrics reviews, post-incident retrospectives) and standard operating procedures for response, containment, eradication, and recovery.
• Build and maintain a Security and Threat Operations strategy in coordination with the CISO and other stakeholders, including software engineering, data engineering, and IT.
• Develop and report on KPIs and KRIs for the Security and Threat Operations function.
• Governance, Risk, Audit & Reporting
• Align SecOps processes to FFIEC/GLBA expectations and industry frameworks (NIST CSF and Cyber Risk Institute Profile).
• Prepare evidence for audits/exams; provide clear, actionable metrics and board-level reporting on SOC performance, incident trends, control coverage, and risk reduction.
• Partner with Legal, Compliance, Privacy, and Third-Party Risk on obligations and notifications.
• Culture, Training & Readiness
• Coach analysts on analytical rigor, bias reduction, and structured investigations.
• Promote a blameless, learning-oriented culture that prizes speed, accuracy, and craftsmanship.
• Security Monitoring & Detection Engineering
• Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high-fidelity detections across the entire technology landscape, including but not limited to:
• Core technology infrastructure: Active Directory Domain Services, Entra ID, Okta, Azure control plane, Zscaler, Windows and macOS endpoints, hybrid network
• Productivity/G&A systems: M365, SaaS
• Business-specific systems: Azure IaaS/PaaS services, custom-developed API services, banking core, financial ledger and reporting systems
• Coordinate with Engineering and IT to build detection engineering into system development lifecycle.
• Develop, test, and maintain detection content (e.g., KQL/Sigma), alert routing, and enrichment pipelines that reduce noise and increase true-positive rates.
• Integrate threat intelligence (strategic, operational, and technical) into detections and response workflows.
• Incident Response
• Serve as incident response commander for high-severity incidents; coordinate cross-functional responders in Infrastructure, IT, Engineering, Legal, and Compliance.
• Build, maintain, and continuously improve standard operating procedures (SOPs), runbooks, and playbooks.
• Maintain and exercise incident response plans through tabletop and similar activities.
• Mature evidence handling, forensics workflows, and case management; ensure accurate timelines and regulator-ready documentation.
• Drive post-incident reviews with measurable corrective actions (people/process/technology) and executive readouts.
• Vulnerability & Exposure Management and Threat Hunting
• Own the vulnerability management lifecycle, ensuring coverage of vulnerability discovery, triage, and management across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs.
• Prioritize remediation using risk-based scoring and exploit intelligence.
• Track configuration and identity hygiene (e.g., privileged accounts, conditional access, MFA coverage, device compliance) and partner with owners to close gaps.
• Building and maturing a threat hunting and purple team function as part of the overall Security & Threat Operations maturation roadmap.
• SOC/MSSP Governance
• Lead day-to-day oversight of the third-party SOC: queue hygiene, case quality, SLAs, runbook adherence, and continuous tuning to our environment.
• Ensure vendor tooling integrations, data retention, and access are compliant with Coastal policies and regulatory expectations.

Benefits

• Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
• Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
• Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
• Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
• Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
• Long-Term /Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
• Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
• 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
• Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
• Holidays: Enjoy 11 paid holidays throughout the year.