Director, Cyber Security Operations

About The Position

Requirements

• 10+ years of experience in cyber security operations, detection engineering, threat hunting, or incident response.
• Deep experience building and tuning detections across modern environments (endpoint, identity, cloud, SaaS), with an understanding of attacker techniques and evasion methods.
• Proven experience leading and executing complex incident response engagements, including forensics, containment, and recovery.
• Strong background in threat hunting methodologies, hypothesis-driven investigations, and identifying unknown or emerging threats.
• Experience operationalizing threat intelligence into detections, hunts, and response actions.
• Familiarity with detection frameworks (e.g., MITRE ATT&CK) and measuring detection coverage and effectiveness.
• Ability to lead through ambiguity and make high-quality decisions during active security incidents.
• Strong communication skills, with the ability to translate technical risk into clear business impact.
• Experience mentoring and developing security practitioners.
• Commitment to mission-driven security work.

Nice To Haves

• Relevant certifications (GCIA, GCIH, CISSP, GCFA, GNFA) preferred.

Responsibilities

• Lead and mature SOC operations with a focus on high-fidelity detection, signal-to-noise optimization, and measurable detection coverage.
• Own and evolve the detection engineering program, including development of detections mapped to adversary behaviors (e.g., MITRE ATT&CK), continuous tuning, and validation through adversarial testing.
• Establish and lead a proactive threat hunting program focused on identifying unknown threats, attacker dwell time, and control gaps across identity, endpoint, cloud, and SaaS environments.
• Direct incident response and digital forensics efforts, including hands-on leadership during high-severity incidents, root cause analysis, and post-incident improvement.
• Integrate cyber threat intelligence into detection and response workflows, ensuring intelligence is operationalized into actionable detections and hunt hypotheses.
• Develop, test, and continuously improve incident response playbooks, escalation paths, and decision frameworks.
• Lead tabletop exercises and adversary simulation activities to validate detection and response capabilities against realistic threat scenarios.
• Drive operational resilience initiatives, including business impact analysis, recovery planning, and coordination with crisis management stakeholders.
• Partner closely with identity, cloud, and application teams to close detection and response gaps, with a strong focus on identity as the primary attack surface.
• Coordinate with physical security and external incident response partners during complex incidents.
• Build, mentor, and scale a high-performing security operations team, fostering a culture of curiosity, rigor, and adversarial thinking.
• Report on detection coverage, incident trends, adversary activity, and response effectiveness to senior leadership.

Benefits

• Time away to focus on the things that matter with a generous paid time-off policy
• Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment)
• Plan for your retirement with 401k plan and employer match
• We support employee growth and development through annual professional development funds, internal professional development programs and workshops