Security Operations Manager

City of SeattleSeattle, WA
Hybrid

About The Position

The City of Seattle is seeking qualified candidates for the position of Security Operations Manager (IT Professional A) in the Seattle Information Technology’s (Seattle IT) Security and Infrastructure Division. The City of Seattle is a leading local government in environmental stewardship and social justice. Our dedicated workforce plays a significant role in shaping a future where all who live, work, and play in our city can thrive. Seattle Information Technology (Seattle IT) is a trusted partner dedicated to delivering secure, reliable, and responsible technology solutions that help the City provide equitable and effective services to our communities. Our team of more than 600 IT professionals supports a full spectrum of modern enterprise services and offers dynamic career paths with opportunities for growth and development. We’re committed to building a workforce that reflects the diversity of the residents we serve. We welcome people of all backgrounds, perspectives, and skills to join our team, because the more diverse we are, the stronger and more innovative our work becomes.

Requirements

  • Bachelor’s degree or equivalent experience in a technology-related field.
  • Seven years’ combined experience in information technology, with a significant portion of that time in cybersecurity roles.
  • Five years of managerial experience leading, mentoring, and developing a technical team, with a significant portion of that time being with a cybersecurity-related team.
  • Advanced knowledge of the various attack tactics, techniques, and practices used by threat actors, as well as networking technologies, protocols, and common security tools.
  • Demonstrated ability to develop, improve, and exercise incident response plans and procedures.
  • Significant experience with cyber incident response.
  • Ability to pass Criminal Justice Information Services (CJIS) background check within six months of hire.

Nice To Haves

  • Knowledge of a breadth of technical domains, including one or more of servers, identity, cloud, database, and applications.
  • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification.
  • Experience with red/purple/blue teaming, penetration testing, tabletop exercises, and other forms of assurance of cyber defenses and response readiness.
  • Understanding of federal, state, and regulatory compliance drivers and requirements relevant to municipal governments and utility organizations.
  • Experience leading union-represented staff.
  • Experience successfully handling vendor relationships.

Responsibilities

  • Manage and lead ongoing improvements in Seattle IT’s citywide incident detection and response program, including the development and enhancement of incident response plans, processes, and tools to effectively run the program.
  • Coordinate detection engineering, SIEM/SOAR operations, EDR/XDR/NDR telemetry, forensic investigations, threat intelligence gathering and sharing, enterprise event log collection, and threat hunting activities.
  • Regularly validate the effectiveness of cybersecurity defenses and incident response readiness through measurable metrics, tabletop exercises, red/purple/blue teaming, and other approaches.
  • Lead Security Operations’ contribution to the City’s vulnerability management program in partnership with peer technical managers and compliance partners, providing operational metrics as needed and supporting a risk-based approach to prioritization of vulnerability remediation.
  • Proactively adapt Security Operations cyber defense capabilities in anticipation of City projects and programs, strategic direction, and industry shifts.
  • Maintain and grow strong operational relationships and processes between Security Operations and security partners across the City’s public safety, utility, transportation, and operational technology environments.
  • Assume incident command or other designated roles in cybersecurity incidents as defined by the relevant incident response plan.
  • Regularly review response plans to ensure incident notification reporting requirements for relevant compliance, federal, and state entities are documented and current.
  • Negotiate vendor contracts for a strengthened security posture at an advantageous cost.
  • Develop cybersecurity strategic roadmaps that are aligned with larger Seattle IT and City strategic goals and initiatives.
  • Advise senior leadership on issues, challenges, trends, and opportunities, and recommend how those should influence division standard processes and strategies.
  • Provide overall management and coaching of the security operations staff, including developing training programs, setting team objectives and individual expectations, aligning team members for individual and team success, assessing performance, and meeting key performance indicators.
  • Establish and cultivate strong strategic partnerships with City peers and collaborators in cybersecurity risk, privacy, infrastructure, endpoint, identity, applications, operational technology, and other relevant domains.
  • Ensure alignment on security objectives, incident readiness, and roadmaps.
  • Continually evaluate our security vendor and managed service relationships, including managed service providers, for value, service performance, incident coordination, and alignment with strategic roadmaps and industry direction.
  • Maintain awareness of industry trends and developments in cybersecurity and adjacent domains that may impact our environment, and work with the Security Leadership to adjust approaches and roadmaps as needed.
  • Communicate effectively and professionally with all levels of the organization.
  • Lead executive briefings and incident command communications during cybersecurity events, exercises, and readiness reviews, translating technical risk into operational and policy decisions for senior City leadership.
  • Periodically support and advise sister agencies in their cybersecurity practices, protocols and incident response.
  • Lead the team in incorporating the City’s Race and Social Justice Initiative values and objectives into daily work, programs, and practices.
  • Engage in strategic leadership, partnership, and mutual support with the S&I divisional leadership team and Seattle IT-wide leadership/management bodies and actively represent our leadership values daily.
  • Manage the Security Operations team’s annual budget, including forecasting, tracking of actuals, and identification of cost savings and efficiencies.
  • This position may be required to work outside of business hours in response to incident scenarios.

Benefits

  • Vacation, holiday, and sick leave
  • Medical, dental, vision, life and long-term disability insurance for employees and their dependents
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service