Manager, Cybersecurity

XIFIN•San Diego, CA

2h•Onsite

About The Position

Are you interested in harnessing technology and AI to transform healthcare? At XiFin, we believe a healthier, more efficient healthcare system starts with strong financial and operational foundations. Our innovative technologies help diagnostic providers, laboratories, and healthcare systems manage complexity, drive better outcomes, and stay focused on what matters most: patient care. We’re on a mission to simplify the business side of healthcare—and we know that mission takes people from all backgrounds and experiences. Whether you’re early in your career or bringing years of expertise, we welcome your perspective, your curiosity, and your passion. We value individuals who ask questions, challenge the status quo, and want to grow while making a real difference. The Manager, Cybersecurity, is a hands-on SecOps leader responsible for the effectiveness of detection and response across the organization. You will lead a small internal team and manage an outsourced Managed Detection and Response (MDR) provider, ensuring strong operational execution across monitoring, incident response, threat hunting, and security tooling. You will lead vulnerability and exposure management with a SecOps mindset—driving asset visibility and coverage, risk-based prioritization, remediation verification, and risk acceptance (when appropriate) across endpoints, servers, cloud, and SaaS. You will track operational metrics (e.g., MTTA/MTTR, detection coverage, remediation aging), identify gaps, and execute a pragmatic roadmap that strengthens the security program and reduces cyber risk. You will own incident response end-to-end, triage and investigation, containment and eradication, and post-incident reviews ensuring documentation and evidence handling meet compliance requirements. You will coach and mentor the team, run tabletop exercises, maintain runbooks/playbooks, and set clear expectations for alert quality, escalation, and service levels. You will apply AI and automation to improve SecOps outcomes (e.g., faster triage, better context enrichment, and more consistent response) while maintaining appropriate human oversight, validation, and auditability. In partnership with stakeholders, you will help establish monitoring and controls for enterprise AI/LLM usage (approved tools, access, logging, and data handling) to reduce the risk of sensitive-data exposure and shadow AI. This is an onsite position located at our San Diego, CA office.

Requirements

BS in Computer Science, Engineering, or relevant disciple
8 years experience in cybersecurity with at least 2 years of leadership experience
In-depth experience in managing or using a SIEM
Technical proficiencies in securing Windows and Linux operating systems
Experience working with endpoint logging/EDR products
Extensive experience leading incident response investigations

Nice To Haves

Preferred certifications GCIH, GCIA, GCED, GCWN, GMON, GCUX, GCDA, CISSP
Familiarity with HIPAA and/or PCI-DSS a plus

Responsibilities

Lead internal day-to-day Security Operations (SOC) execution, including coaching, mentoring, and establishing on call/escalation coverage, operating rhythm, and create and conduct internal tabletop exercises.
Coordinate with and manage the outsourced MDR provider to ensure effective monitoring, alert triage, escalation, and reporting.
Oversee vulnerability and exposure management with IT/Engineering—improve asset visibility and coverage, prioritize remediation by exploitability and business impact, and track SLAs and risk reduction.
Lead incident response investigations across Windows and Linux (triage through containment/eradication and lessons learned), including documentation, evidence handling, and post-incident reviews.
Own incident response readiness by maintaining runbooks/playbooks, leading tabletop exercises, and improving stakeholder readiness and communications.
Research and apply AI/automation to SecOps workflows (e.g., alert enrichment, summarization, case management, and response orchestration) with strong human-in-the-loop controls, validation, and auditability.
Establish and operate monitoring and controls for enterprise AI/LLM usage (approved tools, access, logging, and data handling) to reduce risk of sensitive-data exposure and shadow AI.
Evolve incident response for AI-enabled threats (e.g., advanced phishing, business email compromise, and deepfake/social engineering), updating playbooks, detections, and stakeholder readiness.
Drive detection engineering for any platform not in scope with the MDR provider: build, test, tune, and maintain SIEM/EDR use cases, correlation rules, alert logic, and response automation to improve signal-to-noise.
Own log collection strategy and monitoring outcomes—onboard critical log sources, validate data quality, and tune alerts/dashboards to identify trends requiring early action.
Research attacker tradecraft (TTPs), emerging threats, and vulnerability/exploit trends, translating insights into actionable detections and response playbooks.
Lead an ongoing threat hunting and purple teaming program to validate detection coverage, uncover gaps, and prioritize improvements.
Define, document, and validate security baselines and hardening standards (e.g., Windows/Linux, cloud, identity) and partner with IT/Engineering to implement and measure compliance.

Benefits

Comprehensive health benefits including medical, dental, vision, and telehealth
401(k) with company match and personalized financial coaching to support your financial future
Health Savings Account (HSA) with company contributions
Wellness incentives that reward your preventative healthcare activities
Tuition assistance to support your education and growth
Flexible time off and company-paid holidays
Social and fun events to build community at our locations!

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume