Manager, Threat Detection and Response

About The Position

Requirements

• 6+ years experience in security operations, including alert triage and investigation
• 4+ years conducting large scale incident response activities with 2+ years leading
• 2+ years managing people and security operations teams.
• Comfort operating in ambiguity, balancing strategic thinking, security, and practicality.
• Ability to support occasional off-hours incident response efforts
• Expertise in attacker techniques in cloud-native and traditional environments.
• Hands-on experience owning security technologies (e.g., EDR, AntiVirus, etc.)
• Expertise in AWS audit and security services to investigate cloud centric threats
• Expert usage, data onboarding, and data administration within Splunk
• Mastery of investigation methods and capable of handling complex and ambiguous cases
• Practical experience with cross-platform and hybrid environment investigations
• Ability to perform detailed host analysis on Mac, Windows, & Linux systems
• Proficient in correlating patterns across assets and environments to support investigation.
• Incident lifecycle master with ability to cohesively manage simultaneous workstreams
• Ability to make tactical and fundamental recommendations to improve security
• Ability to design large-scale threat detection using diverse technologies and data sets
• Skilled in evaluating quantitative and qualitative effectiveness of security measures
• Familiarity with modern engineering and detection engineering practices
• Passion for solving complex security problems in innovative and scalable ways
• A drive for change through continuous improvement
• Capable of working independently but possesses a collaborative mindset
• Ability to work in a fast-paced environment, often juggling multiple projects
• Experience working independently and as part of a team
• Applicants must be authorized to work without the need for visa sponsorship by the start date of employment.
• This role will need to be conducted in a state in which we are currently registered to do business.

Responsibilities

• Develop a team, providing coaching, mentorship, goal setting, and performance feedback.
• Mature effectiveness and efficiency by improving processes, tooling, and documentation.
• Collaborate with security leadership to execute business aligned, risk reduction roadmaps.
• Own execution and prioritization across projects and operations, using agile delivery practices.
• Shape work scope, sequencing, and success criteria in line with department and company needs.
• Enhance tooling, automation, and integrations to improve visibility and reduce manual effort.
• Perform daily alert investigation and response in a cloud-native and traditional environment.
• Investigate and lead teams responding to incidents of varying sizes and complexities.
• Define roles and make hiring decisions to grow the team in line with department needs.
• Remain hands on, balancing technical leadership with direct response work.
• Communicate risks and technical concepts with clarity to leadership and stakeholders.
• Define and maintain metrics to measure impact, optimize execution, and guide investment.
• Accelerate adoption of AI, balancing practicality enablement, and risk management.
• Facilitate incident training, including table top exercises.
• Lead and refine detection engineering, including the creation and upkeep of threat detections.
• Collaborate on threat models by incorporating detection use cases into designs.
• Identify systemic issues and collaborate on approaches to address root causes.
• Compose high-quality incident and threat reports for executives.
• Provide insights and input on tool selection to help grow our cybersecurity portfolio.
• Ensure all end users receive delightful and informative interactions with Security.

Benefits

• Equity awards in accordance with the terms of Contentful’s equity plans.