Director, Cyber Detection & Response

About The Position

Requirements

• Ideally targeting individuals with 10+ years of experience in cybersecurity, with a strong focus on detection, incident response, and security operations.
• Deep expertise in SOC operations, SIEM, incident response, and threat intelligence a plus.
• Experience leading cybersecurity operations teams and managing complex incident response activities, a strong preference.
• Strong understanding of cybersecurity frameworks (e.g., NIST CSF) and regulatory requirements required.
• Demonstrated ability to communicate technical concepts and risk insights to executive leadership.
• Strong leadership, analytical, and problem-solving skills.
• Experience in highly regulated industries, a plus.
• Experience with advanced analytics, automation, and AI-driven security operations, a strong preference.

Responsibilities

• Develop and lead the cybersecurity detection and response strategy aligned with enterprise risk, threat landscape, and business priorities.
• Establish governance frameworks and operating models for SOC, incident response, and threat management functions.
• Serve as an advisor to leadership on threat trends, detection capabilities, and response readiness.
• Drive continuous improvement of detection and response capabilities to address evolving threats and business needs.
• Oversee SOC operations, including security logging, monitoring, alerting, and incident triage across the environment.
• Oversee effective use of SIEM platforms to analyze correlated events, detect anomalies, and escalate potential incidents.
• Lead the development and optimization of detection use cases, analytics, and monitoring strategies to improve visibility across the environment.
• Oversee monitoring capabilities across IT and OT environments, ensuring coverage of critical systems and infrastructure.
• Lead detection engineering and security tooling functions, including SIEM, SOAR, EDR, UEBA, and DLP capabilities.
• Oversee the definition and implementation of use cases, rules, and configurations to improve automated detection, investigation, and response workflows.
• Drive optimization and integration of security tools to enhance operational efficiency and reduce false positives.
• Establish and lead threat intelligence capabilities to gather, analyze, and operationalize threat data from internal and external sources.
• Oversee threat monitoring, analysis, and detection rule enhancement to proactively identify emerging threats.
• Lead threat modeling activities to identify attack vectors, vulnerabilities, and control gaps across systems and processes.
• Drive proactive threat hunting initiatives to identify hidden threats and indicators of compromise (IoCs) within the environment.
• Lead enterprise incident response (IR) capabilities, including planning, testing, execution, and continuous improvement of IR processes.
• Oversee incident response lifecycle activities including detection, triage, containment, eradication, and recovery.
• Oversee incident response simulations and exercises to validate readiness and improve response effectiveness.
• Enable effective coordination of incident response efforts across cybersecurity, IT, legal, and business stakeholders.
• Manage breach notification processes and communication protocols for cybersecurity incidents.
• Oversee digital forensics and investigative activities to determine the scope, root cause, and impact of cybersecurity incidents.
• Ensure proper evidence collection, analysis, and documentation to support investigations and regulatory requirements.
• Lead post-incident reviews and root cause analysis to strengthen detection and response capabilities.
• Lead offensive and defensive security testing capabilities, including red teaming, penetration testing, and adversarial simulations.
• Oversee blue team operations to detect, analyze, and respond to threats across enterprise environments.
• Facilitate purple teaming activities to enhance collaboration between offensive and defensive teams and improve detection and response effectiveness.
• Drive continuous improvement of security controls through testing, validation, and simulation exercises.
• Collaborate with cybersecurity, IT, risk, legal, and business teams to integrate detection and response capabilities into enterprise operations.
• Partner with architecture, engineering, and infrastructure teams to ensure detection and response requirements are embedded into system design and deployment.
• Provide actionable insights and reporting to leadership on threat landscape, incident trends, and response effectiveness.
• Support audit and regulatory activities by providing evidence and documentation related to detection and response processes.
• Define and track KPIs and KRIs related to detection, response, and operational performance.
• Provide regular reporting to leadership on SOC performance, incident metrics, and threat trends.
• Identify opportunities to enhance detection coverage, reduce response times, and improve operational efficiency.
• Drive continuous improvement initiatives to mature detection and response capabilities.
• Build and lead a high-performing cybersecurity detection and response team across SOC, IR, and threat management functions.
• Develop team capabilities through training, mentoring, and structured career development initiatives.
• Foster a culture of accountability, collaboration, and continuous improvement.
• Ensure alignment of team capabilities with evolving threat landscape and organizational needs.

Benefits

• Medical, dental and vision coverage
• Paid time off plan
• Health savings account (HSA)
• 401k savings plan
• Access to wages before pay day with myFlexPay
• Flexible spending accounts (FSAs)
• Short- and long-term disability coverage
• Work-Life resources
• Paid parental leave
• Healthy lifestyle programs