Director, Security Operations & SOC Leader

MACOM Technology Solutions Holdings, Inc.
Lowell, MA
$168,000 - $255,000

About The Position

MACOM is seeking a Director of Security Operations to lead and mature its detection, response, and security operations program. This is a player-coach role where you will lead a team of security engineers and SOC analysts while remaining hands-on in detection engineering, incident response, and technical security tasks. You will be responsible for MACOM's security operations stack, manage a hybrid SOC (including a 24/7 managed detection partner and an internal analyst team), and serve as the operational backbone for incident response and insider-risk programs. The role operates within a regulated, defense-adjacent environment (CMMC, ITAR/EAR, SOX, SEC cyber-disclosure, and OT/ICS manufacturing) where detection and response quality have direct compliance and disclosure implications.

Requirements

  • 8+ years in security operations, detection/response, or a closely related security engineering discipline.
  • 2+ years leading and developing technical security teams.
  • Demonstrated hands-on depth in detection engineering and incident response.
  • Experience operating core security operations tooling (EDR, SIEM, email security, DLP) and managing a SIEM/detection content lifecycle.
  • Experience managing a managed-detection or co-managed SOC relationship and holding a partner accountable to outcomes.
  • Proven incident response leadership across the full lifecycle, including coordination with legal, executive, and external stakeholders.
  • Strong working knowledge of detection frameworks and methodologies (e.g., MITRE ATT&CK).
  • Excellent written and verbal communication, including the ability to translate technical risk for executive and board audiences.
  • Must be a U.S. Person (U.S. citizen, U.S. national, lawful permanent resident, or individual granted asylum or refugee status) due to ITAR regulations.

Nice To Haves

  • Experience in a regulated environment (defense contractor - CMMC / NIST 800-171, ITAR/EAR, SOX, or critical infrastructure).
  • Exposure to OT/ICS security (IEC 62443) in a manufacturing setting.
  • Relevant certifications (e.g., CISSP, GCIA, GCIH, GCFA, or equivalent).
  • Familiarity with Microsoft Defender XDR, Azure / Azure Government, and cloud workload monitoring.
  • A genuine player-coach: invested in growing people and willing to dig into the technical work alongside the team.
  • Sound judgment under pressure and a calm, structured approach to incidents.
  • Collaborative across IT, Legal, GRC, and OT/engineering peers.

Responsibilities

  • Own, operate, and report on the security operations stack (EDR, email security, removable-media/USB encryption, DLP/insider-risk tooling) including configuration, health, coverage, and lifecycle.
  • Manage budget and vendors for the security operations tool portfolio.
  • Govern the hybrid SOC, including managing the 24/7 managed detection relationship (SLAs, escalation quality, coverage accountability) and leading the internal analyst team.
  • Own detection engineering and content management, including use-case development, tuning, detection-as-code, telemetry/log-source onboarding, and MITRE ATT&CK coverage mapping.
  • Lead threat hunting and operationalize threat intelligence into detections and hunts.
  • Drive security automation and orchestration (SOAR) and develop response runbooks and playbooks.
  • Oversee security monitoring of OT/ICS telemetry in the manufacturing environment, collaborating with OT/engineering teams.
  • Own incident preparedness and response, including IR plan and playbook maintenance, DFIR retainer management, and post-incident reviews.
  • Conduct tabletop and purple-team exercises to validate detection and response readiness.
  • Serve as the operational front for executive incident disclosure, providing technical input for materiality determinations under SEC cyber-disclosure rules.
  • Partner with Legal on insider-threat investigations, legal holds, and evidence preservation.
  • Operate insider-risk and DLP monitoring in coordination with Legal and HR.
  • Own the phishing simulation and security-awareness training program, focusing on reporting and resilience metrics.
  • Act as the primary lead for technical security reviews of systems, integrations, and changes.
  • Build foundational product security capabilities within the security operations team, partnering with product and firmware engineering on secure development practices, vulnerability awareness, and coordinated vulnerability handling.
  • Develop the team's expertise in software and firmware security, serving as the security operations interface for product security matters.
  • Support cybersecurity due diligence for M&A activities, evaluating target security posture, control maturity, and inherited risk, and informing integration planning.
  • Operate and evidence security operations controls supporting CMMC / NIST 800-171 and SOX ITGC, in partnership with GRC.
  • Produce and report security operations metrics (e.g., MTTD/MTTR, detection coverage, response quality) for leadership and the board.
  • Partner with the vulnerability management owner on exploitation validation and risk-based prioritization.
  • Exercise risk-based judgment to balance security requirements against business and operational priorities.
  • Lead, mentor, and develop a team of security engineers and SOC analysts, setting clear expectations, building career paths, and raising the technical bar.

Benefits

  • Health, dental, and vision insurance.
  • Employer-sponsored 401(k) plan.
  • Paid time off.
  • Professional development opportunities.
© 2026 Teal Labs, Inc