Leader – Security Operations and Incident Response

New American Funding, Santa Ana, CA
Onsite

About The Position

The Leader – Security Operations and Incident Response is responsible for leading and maturing New American Funding’s enterprise cyber defense capabilities. This role blends strategic leadership with deep technical expertise in security operations, monitoring, detection engineering, and incident response. As a senior-level leader, you will oversee day-to-day SOC operations, drive program maturity, and serve as the executive incident commander during high-impact cyber events. You will lead a team of analysts, engineers, and responders while partnering with cross-functional business, IT, and executive stakeholders to ensure a resilient security posture across the organization. The Leader – Security Operations and Incident Response plays a critical role in safeguarding sensitive mortgage, financial, and customer data, and ensuring compliance within a highly regulated environment.

Requirements

  • 10+ years of progressive experience in cybersecurity operations, SOC leadership, or incident response roles.
  • 5+ years of leadership or management experience overseeing SOC, IR, or cyber defense teams.
  • Demonstrated success in building, scaling, and maturing security operations programs.
  • Advanced expertise with SIEM, SOAR, EDR, NDR, IDS/IPS, forensic tools, and threat analysis methodologies.
  • Deep understanding of attacker tactics, threat intelligence, and the MITRE ATT&CK framework.
  • Experience leading enterprise-scale incident response efforts.
  • Excellent executive communication, briefing, and cross-functional leadership skills.
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related discipline.
  • Extensive experience in security operations, incident response, and cybersecurity leadership.
  • Must be able to verify identity and employment eligibility to work in the U.S.

Nice To Haves

  • Certifications such as CISSP, CISM, CCSP, GIAC, OSCP/OSCE, CASP+, TOGAF, or equivalent strongly preferred.
  • Experience in the financial services or mortgage industry is a plus.

Responsibilities

  • Lead and oversee daily operations of the Security Operations Center (SOC), ensuring timely and accurate detection, triage, and response to cybersecurity threats.
  • Direct the management and optimization of security monitoring technologies (SIEM, EDR, IDS/IPS, NDR, DLP, and cloud monitoring).
  • Define, maintain, and govern SOC processes, playbooks, and escalation procedures.
  • Collaborate with IT, DevOps, engineering, network, and cloud teams to advance enterprise-wide security monitoring and visibility.
  • Track, measure, and communicate SOC operational metrics, threat trends, and risk reduction to senior leadership.
  • Leverage SOAR to automate repetitive tasks, standardize incident-response workflows, and free security teams to focus on higher-value, complex threats.
  • Map SIEM detections, correlation rules, and behavioral analytics to MITRE ATT&CK, the Cyber Kill Chain, and other adversary-behavior frameworks to measure detection coverage and structure response.
  • Lead detection engineering efforts by building high-fidelity alerts, tuning correlation logic, and aligning detection use cases to adversary TTPs, threat intelligence, and organizational risk priorities.
  • Serve as incident commander, leading enterprise-wide containment, eradication, and recovery during critical cybersecurity incidents.
  • Oversee development, testing, and enhancement of the incident response plan, including tabletop exercises, simulations, and red/blue team engagements.
  • Direct forensic investigations, malware analysis, threat hunting operations, and root-cause analysis activities.
  • Provide executive communication and status updates during cyber incidents, ensuring clarity, transparency, and effective crisis management.
  • Ensure incidents are documented, lessons learned are captured, and improvements are incorporated back into people, process, and technology.
  • Drive the strategic maturity of security operations and incident response programs aligned with NIST CSF, MITRE ATT&CK, CIS Controls, ISO, and other frameworks.
  • Ensure SOC and IR practices comply with financial services regulatory requirements (GLBA, PCI DSS, FFIEC, NYDFS, HIPAA, SOX).
  • Mentor, develop, and coach SOC analysts, incident responders, and engineers to build a high-performing and continuously improving organization.
  • Evaluate and recommend emerging technologies, security tools, and operational enhancements to strengthen the cyber defense roadmap.
  • Act as a trusted advisor to executive leadership on operational risk, cyber resilience, and incident readiness.

Benefits

  • health, dental & vision
  • retirement with company contribution
  • parental leave
  • mental health & wellness benefits
  • generous PTO
  • sales incentive pay for most sales roles
  • annual bonus plan for eligible non-sales roles
© 2026 Teal Labs, Inc