Manager, Security Detection and Response

QSI Management, LLC
Houston, TX
Hybrid

About The Position

The Manager, Security Detection & Response leads Quanta’s 24x7 detection and response capability, owning the full lifecycle from threat detection through containment, eradication, and post-incident review. This is a hands-on technical leadership role responsible for managing a high-performing team of SOC analysts and threat hunters, driving the maturity of Quanta’s Security Operations function, and serving as the authoritative subject-matter expert on security monitoring, SIEM, SOAR, threat hunting, and incident response across a large, complex multi-subsidiary enterprise. The ideal candidate brings deep technical depth in threat hunting, detection operations, and incident response, proven leadership experience, and the communication skills to engage with executive stakeholders and operating unit leaders across Quanta’s broad portfolio of companies.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field; or equivalent combination of education and professional experience.
  • 7+ years of progressive experience in cybersecurity with a minimum of 5 years in security operations, threat hunting, or incident response.
  • 3+ years of direct people management experience, including performance management, hiring, and employee development.
  • Hands-on expertise with enterprise SIEM platforms (e.g., Splunk, Microsoft Sentinel, IBM QRadar); demonstrated ability to author detection content, write complex queries, and conduct forensic investigations.
  • Practical experience with endpoint detection and response (EDR) platforms (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint), network security tooling, and cloud security environments (Microsoft Azure, AWS).
  • Strong understanding of threat intelligence frameworks (MITRE ATT&CK, Diamond Model, Kill Chain) and their operational application.
  • Demonstrated ability to lead incidents under pressure, communicate clearly to executive audiences, and produce high-quality written post-incident reports.
  • Certified Information Systems Security Professional (CISSP).

Nice To Haves

  • Master’s degree in Cybersecurity, Computer Science, or MBA.
  • Experience in critical infrastructure, utilities, energy, or industrial sector environments, with exposure to OT/ICS security monitoring.
  • Experience with SOAR platforms and developing automated detection and response workflows at enterprise scale.
  • Familiarity with Privileged Access Management (PAM) solutions and privileged account monitoring as a detection surface.
  • Experience supporting compliance programs (SOC 2 Type II, NIST CSF, CIS Controls v8, NERC CIP).
  • One of the following certifications:
      ◦ GIAC Certified Incident Handler (GCIH)
      ◦ GIAC Certified Enterprise Defender (GCED) or GIAC Certified Intrusion Analyst (GCIA)
      ◦ Certified Information Security Manager (CISM)

Responsibilities

  • Own and continuously mature the enterprise SIEM platform (e.g., Splunk, Microsoft Sentinel, IBM QRadar), including content development, correlation rules, dashboards, and alert fidelity optimization across IT and OT/ICS environments.
  • Lead and direct a team of threat hunters executing proactive, hypothesis-driven hunting operations using MITRE ATT&CK and other threat intelligence frameworks, with particular focus on adversary techniques targeting critical infrastructure and utilities.
  • Manage SOAR playbooks and automated response workflows (e.g., Splunk SOAR, Microsoft Sentinel Automation, Palo Alto XSOAR) to accelerate mean time to detect (MTTD) and mean time to respond (MTTR); drive measurable improvement quarter over quarter.
  • Oversee integration of detection telemetry from endpoint protection platforms (e.g., CrowdStrike, SentinelOne, Microsoft Defender), network security controls (e.g., secure web gateways, NGFW, proxy), vulnerability management feeds, and cloud security tooling into the SIEM pipeline.
  • Direct and command security incident response operations, from initial triage and containment through root cause analysis and lessons-learned review; serve as IR commander for high-severity events.
  • Develop, maintain, and rehearse incident response plans and playbooks, including scenarios specific to OT/ICS environments and critical infrastructure disruption.
  • Coordinate with operating unit security liaisons, legal, communications, and executive leadership during significant security events; manage evidence preservation and chain-of-custody requirements.
  • Oversee structured threat hunting campaigns; ensure hunt findings are translated into durable detections, documented in hunt reports, and fed back into the detection pipeline to continuously improve coverage.
  • Lead, mentor, and develop a team of SOC analysts and threat hunters; manage hiring, performance reviews, career development, and retention.
  • Define and track SOC performance metrics and SLAs; report on program effectiveness, KPIs, and risk posture to senior leadership on a regular cadence.
  • Partner with Security Engineering, Identity, and GRC teams to operationalize security controls, drive vulnerability remediation prioritization, and support audit and compliance activities (SOC 2, CIS Controls v8, NIST CSF).
  • Manage relationships with MDR/MSSP partners, threat intelligence providers, and relevant ISACs to augment internal capabilities and maintain situational awareness.
  • Develop and deliver tabletop exercises, hunt team training, and functional security awareness content for SOC staff, threat hunters, and IT/OT stakeholders.
  • Adhere to all internal standards, policies, and procedures; perform other duties as assigned.
  • Manages the IT Security Operations team that operates and maintains production information security systems.
  • Works with senior leaders across the business to assess and communicate acceptable levels of risk.
  • Develops, mentors and manages a high-performing staff of information security professionals, ensuring that performance management, employee relations and related practices are in place, while being responsible for retention and employee development.
  • Oversees Quanta’s information security review, vulnerability management and pen testing.
  • Ensures proper security documentation is in place.
  • Develops business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time.
  • Monitors the industry and external environment for emerging threats and advises relevant stakeholders on appropriate courses of action.
  • Oversees incident response planning and the investigation of security breaches, and assists with any associated disciplinary, public relations and legal matters.
  • Maintains technical reference library; develops training material and workshops for IT, program and security staff as appropriate.
  • Adheres to internal standards, policies and procedures.
  • Performs other duties as assigned.

What This Job Offers

Job Type

Full-time

Career Level

Manager

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc