Security Operations Manager

Aya Healthcare
$150,000 - $180,000
Remote

About The Position

Join Aya Healthcare, winner of multiple Top Workplace awards! We are seeking a Manager, Security Operations to lead and modernize our enterprise security operations function, with accountability for incident response, detection engineering, automation, operational metrics, and continuous improvement. This role owns the day‑to‑day execution and evolution of security operations using ServiceNow Security Incident Response (SIR) as the system of record and partners closely with internal teams, managed service providers, and nearshore/offshore resources.

This is a builder‑focused leadership role for someone who thrives on ownership and momentum. Aya is actively maturing its security operations capabilities—moving from reactive alert handling toward measurable, scalable, and automated SecOps outcomes. You’ll have the mandate to design modern SIR playbooks, improve signal quality, automate response, and scale operations across a blended delivery model while clearly demonstrating impact through MTTx metrics. This position works PST business hours.

Requirements

  • 5+ years of experience in Security Operations, Incident Response, or SOC‑related roles.
  • 2+ years of direct experience managing and operating ServiceNow Security Incident Response (SIR), including workflow ownership and playbook design.
  • Demonstrated experience designing or operating incident response automation and playbooks within SIR or SOAR‑like platforms.
  • Hands‑on experience integrating EDR platforms (e.g., Microsoft Defender and/or CrowdStrike Falcon) with ServiceNow SIR.
  • Strong experience operating and managing EDR and SIEM solutions in an enterprise environment.
  • Strong hands‑on experience with Microsoft Azure security solutions, including capabilities available through Microsoft E5 subscriptions.
  • Demonstrated experience managing and improving MTTx metrics (e.g., MTTD, MTTR) to drive operational change.
  • Proven experience leading security operations teams, including internal staff and external service providers.
  • Strong incident leadership, communication, and decision‑making skills with the ability to influence across teams.

Nice To Haves

Core Role Criteria:

  • Security Operations Ownership: End‑to‑end accountability for SecOps outcomes, not just alert handling or vendor oversight.
  • ServiceNow SIR & Automation (Critical): Proven ability to design, implement, and improve SIR workflows and playbooks tied to measurable outcome improvements.
  • EDR / SIEM Operational Depth: Strong understanding of detection quality, enrichment, routing, and response tuning.
  • Metrics‑Driven Execution: Uses MTTx metrics to prioritize automation, justify investment, and demonstrate improvement.
  • People & Vendor Leadership: Successfully leads blended teams (internal, MSP, offshore) while standardizing execution through playbooks.
  • Builder Mindset: Lands quickly, stabilizes operations, and then modernizes through automation and process design.

Responsibilities

  • Own the execution and continuous improvement of Aya Healthcare’s enterprise Security Operations program.
  • Lead a blended security operations model combining internal analysts, nearshore/offshore resources, and managed service providers.
  • Establish clear operating models, escalation paths, staffing coverage expectations, and accountability across all SecOps resources.
  • Serve as the primary owner of ServiceNow Security Incident Response (SIR) workflows, data models, and operating procedures.
  • Design, implement, and continuously improve SIR playbooks to automate triage, enrichment, containment, and response actions.
  • Drive automation that reduces manual analyst effort and improves MTTD, MTTR, and MTTC through standardized playbook execution.
  • Ensure incidents are consistently triaged, investigated, documented, and remediated using ServiceNow SIR.
  • Oversee detection and response capabilities across EDR and SIEM platforms, ensuring high‑quality signal ingestion and routing into SIR.
  • Operate confidently across Microsoft Azure security capabilities available through Microsoft E5 environments (e.g., Defender, Sentinel).
  • Define, track, and improve MTTx metrics, using data to prioritize automation and process improvements.
  • Lead post‑incident reviews and ensure lessons learned translate into improved detections, playbooks, and response procedures.
  • Manage, coach, and develop security operations personnel while fostering a high‑energy, accountable team culture.
  • Act as a trusted escalation point during security incidents and clearly communicate operational risk and response status to leadership.

Benefits

  • Free premium medical, dental, life and vision insurance
  • Generous 401(k) match
  • Reimbursements and discretionary bonuses
  • Paid sick leave in accordance with all applicable state, federal, and local laws
  • Unlimited DTO
  • Virtual yoga, meditation or boot camp classes offered daily