About The Position

The Incident Command & Threat Hunting Operations Manager is responsible for leading end-to-end incident response governance and proactive threat detection across Fraud & Abuse Security operations. This role ensures rapid, coordinated response to high-severity incidents while driving threat hunting programs that identify and disrupt adversarial activity before impact. The role operates at the intersection of incident command, threat intelligence, and operational execution, delivering measurable reduction in customer and Microsoft harm through structured processes, data-driven decision-making, and cross-organizational coordination.

Requirements

  • One of the following:
      ◦ Doctorate in Statistics, Mathematics, Computer Science, or related field, OR
      ◦ Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response, OR
      ◦ Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response, OR
      ◦ Equivalent experience.

Nice To Haves

  • One of the following:
      ◦ Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, or anomaly detection, OR
      ◦ Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, or anomaly detection, OR
      ◦ Equivalent experience.
  • 1+ year(s) people management and/or team leadership experience, including leading security functions (e.g., SOC, TVM) and multi-disciplinary teams.
  • Relevant certifications preferred (CISSP, CISA, CISM, SANS, OSCP, Security+).
  • Experience in incident response, incident command, threat hunting/detection, and Security Operations (SOC/SecOps).
  • Experience managing high-severity incidents and crisis response at scale.
  • Understanding of adversary tactics, techniques, and procedures (TTPs), threat intelligence integration, and incident management frameworks (e.g., MFIRP, ICS).
  • Experience leading cross-functional teams in complex environments and fraud/abuse ecosystems (e.g., Azure, M365, Partner Center).
  • Familiarity with Kusto, telemetry analysis, ServiceNow or similar case management platforms, and detection engineering/automation pipelines.
  • Experience building operational frameworks, RACI models, and governance structures.

Responsibilities

  • Own and evolve the Major Incident governance model, including severity definitions, escalation pathways, and decision authority
  • Act as incident command authority for high-severity (Sev A / Sev 1) or systemic incidents
  • Coordinate cross-functional response across engineering, fraud, security, and product teams
  • Ensure incidents are driven to resolution with clear ownership, timelines, and accountability
  • Oversee incident classification, severity validation, and escalation consistency
  • Sponsor and drive post-incident reviews (PIRs) to address root cause and systemic gaps
  • Lead and develop a team of Major Incident Leads (MILs) or equivalent responders
  • Assign and support leadership coverage across incidents and priority workstreams
  • Coach incident leads on:
      ◦ Command and control execution
      ◦ Prioritization and trade-off decisions
      ◦ Stakeholder alignment and communication
  • Step in to stabilize incidents that stall, escalate improperly, or degrade in quality
  • Define and operationalize threat hunting strategy and standards across Fraud Ops ecosystems
  • Lead proactive hunts targeting:
      ◦ Undetected adversary activity
      ◦ Fraud patterns and abuse campaigns
      ◦ Emerging attack techniques and TTPs
  • Ensure hunts are hypothesis-driven, intelligence-informed, and measurable
  • Drive integration of threat intelligence, telemetry, and analytics into hunting workflows
  • Lead and develop a team of Threat Hunt Leads (THLs) or equivalent responders
  • Assign and support leadership coverage across Hunts and priority workstreams
  • Coach incident leads on:
      ◦ Threat Hunt execution
      ◦ Prioritization and trade-off decisions
      ◦ Stakeholder alignment and communication
  • Step in to stabilize Hunts that stall, escalate improperly, or degrade in quality
  • Ensure seamless integration between:
      ◦ Reactive incident response
      ◦ Proactive threat hunting
      ◦ Detection engineering and automation
  • Translate incident learnings into:
      ◦ New detections
      ◦ Hunting hypotheses
      ◦ Process and tooling improvements
  • Drive closed-loop improvement model across incidents and hunts
  • Serve as a central coordination point across:
      ◦ Fraud Operations
      ◦ Cyber Defense Operations
      ◦ Engineering and product teams
      ◦ Threat intelligence and detection teams
  • Mobilize appropriate stakeholders during incidents and threat hunts
  • Ensure consistent execution across distributed teams and geographies
  • Define and track key performance indicators:
      ◦ Time to detect (TTD)
      ◦ Time to mitigate (TTM)
      ◦ Incident containment effectiveness
      ◦ Threat hunting yield and impact
  • Establish audit-ready processes and documentation standards
  • Drive continuous improvement across:
      ◦ Incident lifecycle management
      ◦ Threat detection effectiveness
      ◦ Operational efficiency
  • Align operations to Fraud-first principles and financial harm reduction
  • Ensure policy alignment, compliance, and enforcement consistency
  • Define operational strategies for:
      ◦ Risk prioritization
      ◦ Resource allocation
      ◦ Capability development (automation, tooling, analytics)
  • Influence roadmap for incident response and threat hunting capabilities

Benefits

  • Certain roles may be eligible for benefits and other compensation.


What This Job Offers

  • Job Type: Full-time
  • Career Level: Manager
  • Education Level: Ph.D. or professional degree
