Security Operations Manager

About The Position

Requirements

• Proven experience managing outsourced security operations through MDR or MSSP providers, including oversight of detection coverage, escalation workflows, SLA performance, and continuous service improvement.
• Hands-on ability to tune detection logic, build playbooks, and manage alert pipelines within SIEM and EDR platforms.
• Strong understanding of threat intelligence, indicators of compromise, and malware behavior to inform detection and response strategies.
• Working knowledge of detection frameworks such as MITRE ATT&CK, and experience applying them to develop and improve detection coverage.
• Up-to-date understanding of incident response methodologies, system hardening guidelines, and configuration baselines (e.g., CIS Benchmarks, NIST 800-53).
• Experience building or maturing SOC processes, including runbooks, escalation procedures, metrics reporting, and continuous improvement programs.
• Strong business acumen with the ability to align security operations with organizational risk tolerance, compliance obligations, and business priorities.
• Exceptional written and verbal communication skills, with a proven ability to translate security and risk topics for technical and non-technical audiences, including executive leadership.
• Demonstrated problem-solving capabilities and ability to manage complex security requirements across multiple sites or international environments.
• Bachelor's degree in Information Security, Computer Science, Management Information Systems, or a related field required. Equivalent industry experience considered in lieu of a degree.
• 7+ years of information security experience, with at least 3+ years in a SOC leadership or senior analyst role managing detection, response, and escalation operations.
• Experience with and understanding of regulatory requirements and security frameworks including NIST, ISO 27001, PCI-DSS, GDPR, CCPA, CIS, or SOC 2.
• Hands-on experience with SIEM platforms and EDR/XDR solutions.

Nice To Haves

• Experience with security orchestration and automation (SOAR) platforms.
• Exposure to OT/ICS security monitoring concepts and challenges.
• CISSP, CRISC, GSOM, or GCIA certifications preferred.
• Experience with Microsoft Sentinel (SIEM) and Microsoft Defender (EDR) strongly preferred.
• Experience with vulnerability management and security monitoring across cloud environments, particularly Microsoft Azure, preferred.
• Experience with firewalls and privileged access management solutions preferred.

Responsibilities

• Monitor security systems and provide early response to potential threats.
• Analyze technologies and establishes highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into company networks and systems.
• Support automation and orchestration to maximize team talent and reduce routine tasks.
• Drive creation of countermeasures to protect company personnel and information assets.
• Take ownership of a comprehensive logging and monitoring methodology for the enterprise.
• Document, prioritize, and formally report incidents, root cause analyses, and after-action reviews.
• Coordinate between internal and external resources protecting enterprise systems. Manage related third parties to ensure Service Level Agreements, expectations, and contractual requirements are being achieved.
• Manage Security Administrators responsible for firewalls, network and host intrusion prevention/detection systems, virtual private networks, threat intelligence platforms, endpoint protection, email security, forensic tools, public/private/hybrid cloud infrastructure, identity and access management systems, and physical security systems.
• Work closely with system owners to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
• Provide support to business groups launching new technology applications and services to verify that new offerings are effectively logging and reporting activity.
• Communicate incident activity in a manner understood by technical and non-technical business units, and gain support through influential messaging.
• Defines SOC key performance indicators and metrics that align with business initiatives and delivers them to non-technical individuals in an effective, understandable manner.
• Collaborate with security groups such as red teams, threat intelligence, and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface.
• Understand breach and attack simulation solutions to validate and improve the effectiveness of preventative controls and incident response.
• Work as a team to consistently learn and share advanced skills and foster team excellence.

Benefits

• Collaborative work environment that values innovation and teamwork
• Inclusive company culture built on respect, integrity, and continuous improvement
• Career growth opportunities with access to training, and mentorship
• Work–life balance support through flexible practices and employee wellness initiatives
• Comprehensive benefits package including health, retirement, and employee programs
• Global impact by contributing to sustainable solutions and industry-leading technologies