Manager, Defensive Cyber SecOps

About The Position

Requirements

• 5+ years experience leading security operations, detection engineering, incident response, and/or security engineering teams, with direct ownership of operational outcomes.
• Strong hands‑on background in intrusion analysis using SIEM/log analytics, packet captures, and investigation tooling.
• Proven experience maturing SOAR automation and/or custom tooling to drive repeatable response actions.
• Strong detection engineering fundamentals, including alert fidelity, correlation, and continuous tuning.
• Experience operating in cloud‑first environments, with hands‑on security detection or response exposure in AWS and Azure.
• Comfort operating as both technical leader and people manager in on‑call, real‑time security environments.

Nice To Haves

• Experience iterating on AI‑assisted or agentic SOC workflows with measurable operational impact.
• Strong scripting experience (e.g., Python) for automation, integrations, and enrichment logic.
• Experience with breach and attack simulation, purple team exercises, or continuous control validation programs.
• Detection and response experience across AWS and Azure, including cloud-native logs, identity signals, and workload telemetry.
• Working knowledge of adversary tradecraft and defensive frameworks (e.g., MITRE ATT&CK, NIST‑aligned approaches).
• Security+, CEH, GSEC, CISSP, GCIA, GCIH, GSOC (Equivalent or comparable security engineering, detection, or incident response certifications are welcome.)

Responsibilities

• Lead and develop a small defensive operations team
• Manage, mentor, and grow a small team of security engineers and analysts focused on detection, response, and automation.
• Act as the primary technical escalation point for high‑severity incidents; lead investigations and response decision‑making.
• Set and reinforce quality standards for investigations, detections, automation, documentation, and on‑call readiness.
• Mature and iterate on an agentic SOC
• Evolve and refine agentic SOC workflows that improve triage speed, consistency, and decision quality through automated enrichment, correlation, and recommended or automated response actions.
• Iterate on existing SOC workflows, converting repeatable analyst effort into safe, reliable automation with clear guardrails, validation, and auditability.
• Define and track operational metrics such as detection coverage, alert fidelity, automation success rates, and MTTD/MTTR improvements.
• Detection engineering & threat detection operations
• Own detection engineering outcomes end‑to‑end: alert logic, correlation rules, anomaly thresholds, tuning, and continuous improvement.
• Mature a detection‑as‑engineering operating model, including requirements, testing, rollout, post‑deployment measurement, and documentation.
• SOAR & security automation
• Design, iterate on, and maintain SOAR playbooks for alert enrichment, containment, remediation, and case management.
• Enhance custom automation, integrations, and enrichment logic to reduce manual analyst effort and improve response consistency.
• Ensure automation remains resilient, production‑grade, well‑documented, and operationally safe at scale.
• Breach & attack simulation (continuous validation)
• Mature an existing breach and attack simulation capability to continuously validate detection and response effectiveness.
• Translate BAS findings into prioritized detection, automation, and response improvements on a repeatable cadence.
• Insider risk
• Advance insider threat detection and response capabilities, including use‑case refinement, signal quality, investigation workflows, and playbooks.
• Balance speed, precision, and appropriate controls while improving investigative consistency.

Benefits

• Medical, dental, and vision insurance
• Remote-flexible workforce
• Wellness Programs
• 401(k) program with employer match
• Flexible paid time off
• Generous Parental Leave
• Donations for Doers
• Pet insurance, legal and identity protection
• Tuition reimbursement program