Director, Security Operations

About The Position

Requirements

• 10+ years of progressive experience in cybersecurity, including deep expertise in Security Operations and Incident Response.
• 5+ years of experience leading SOC and IR teams in enterprise or SaaS environments.
• Extensive experience leading and working with international cyber teams
• Strong hands-on knowledge of: Incident response frameworks and playbooks
• MITRE ATT&CK and D3FEND frameworks
• SIEM, SOAR, EDR/XDR technologies
• Vulnerability management and exposure reduction
• Cloud security and configuration management
• Proven experience serving as incident commander for high-severity cyber incidents.

Nice To Haves

• Experience with breach response coordination involving legal, privacy, and communications teams.
• Familiarity with regulatory notification requirements and customer communications.
• Industry certifications such as CISSP, CISM, GIAC (GCIH, GCED), or equivalent.

Responsibilities

• Lead and oversee 24x7 security operations and enterprise incident response capabilities.
• Own the Incident Response (IR) program, including policies, playbooks, escalation paths, and communication protocols.
• Ensure rapid identification, containment, eradication, and recovery from security incidents.
• Act as executive incident commander for high-severity incidents, coordinating technical, legal, privacy, communications, and business stakeholders.
• Conduct and oversee post-incident reviews, root cause analysis, and corrective action plans.
• Ensure lessons learned are translated into improved detections, controls, and preventive measures.
• Lead tabletop exercises and simulate cyber incidents to validate readiness and executive decision-making.
• Establish and mature a structured threat hunting program focused on identifying advanced, persistent, and evasive threats not detected by automated controls.
• Direct hypothesis-driven threat hunts using adversary TTPs, threat intelligence, and MITRE ATT&CK mappings.
• Ensure threat hunting outcomes drive improvements in detection logic, alert fidelity, and preventive controls.
• Own the enterprise vulnerability management program across infrastructure, endpoints, applications, containers, and cloud platforms.
• Establish risk-based vulnerability prioritization using exploitability, business impact, asset criticality, and threat intelligence.
• Oversee vulnerability scanning, validation, remediation tracking, and executive reporting.
• Drive continuous improvement in remediation SLAs and vulnerability reduction metrics.
• Guide development and tuning of threat detection use cases aligned to the MITRE ATT&CK framework.
• Ensure comprehensive telemetry coverage across endpoint, identity, network, cloud, and SaaS environments.
• Integrate vulnerability, misconfiguration, and threat intelligence to improve exposure-based detection and response.
• Partner with Security Architecture and Engineering teams to operationalize secure-by-design and preventive controls.
• Define and track operational SLAs, KPIs, and KRIs for SOC performance, incident response effectiveness, vulnerability management, and configuration security.
• Provide clear, concise, risk-based reporting to executive leadership and the Board.
• Support regulatory, audit, and customer assurance activities (SOC 2, PCI, SOX, etc.), including incident response evidence and reporting.
• Build, mentor, and lead high-performing SOC, IR, and vulnerability management teams.
• Establish on-call, escalation, and follow-the-sun operational models.
• Manage security operations vendors, MDR providers, and tooling investments to maximize coverage and efficiency.
• Drive automation through SOAR and workflow orchestration to improve response speed and consistency.