Senior Cyber Defense Manager - Incident Response

Boyd Gaming•Las Vegas, NV

About The Position

Boyd Gaming Corporation has been successful in gaming jurisdiction in which we operate in the United States and is one of the premier casino entertainment companies in the United States. Never content to rest upon our successes, we will continue to evolve and retain a position of leadership in our industry. Our past success, our current business philosophies and our sound business planning, combine to position Boyd Gaming Corporation to maximize value for our shareholders, our team members and our communities. Lead the Cyber Incident Response Program Oversee the full incident response lifecycle: preparation, identification, containment, eradication, recovery, and post-incident lessons learned (per NIST SP 800-61 or similar frameworks). Manage day-to-day incident response operations, including triage, investigation coordination, forensic analysis, and executive-level reporting. Develop, maintain, and regularly test incident response playbooks, runbooks, and escalation procedures. Enhance Detection Capabilities Drive continuous improvement of threat detection engineering, including tuning of SIEM rules, EDR/XDR configurations, threat intelligence integration, and behavioral analytics. Collaborate with SOC, threat hunting, and security engineering teams to reduce false positives, accelerate mean time to detect (MTTD) and respond (MTTR), and implement proactive detection use cases. Lead initiatives to mature internal blue-team capabilities across endpoints, cloud, identity, network, and email environments. Manage MSSP Services Transition Lead the end-to-end transition of MSSP services from the current provider to the new partner, including planning, knowledge transfer, contract/SLA alignment, and cutover execution. Conduct due diligence on the new MSSP, define transition success criteria, and mitigate risks during handover (e.g., service continuity, data migration, access controls). Establish governance for the new MSSP relationship, including performance monitoring, regular service reviews, incident handoff protocols, and continuous improvement feedback loops. Ensure the transition strengthens rather than disrupts detection and response effectiveness. Team Leadership & Development Build, mentor, and lead a high-performing incident response team (internal analysts, responders, and cross-functional partners). Provide performance management, career development, and technical coaching to team members. Foster a culture of continuous learning, tabletop exercises, red/blue team simulations, and post-incident reviews. Stakeholder Collaboration & Reporting Serve as the primary point of contact for major incidents, briefing executive leadership, legal, compliance, and external regulators as needed. Coordinate with IT, legal, risk, business units, and external partners (e.g., law enforcement, forensics firms) during incidents. Produce executive-level reports on incident trends, program maturity, detection improvements, and transition status. Program Maturity & Compliance Align incident response practices with industry standards (NIST, ISO 27001, MITRE ATT&CK, etc.) and regulatory requirements. Drive metrics-driven improvements and maturity assessments for the IR program. Contribute to enterprise-wide security initiatives, including vulnerability management, threat intelligence, and security awareness.

Requirements

10+ years of progressive experience in cybersecurity, with at least 5+ years in incident response, digital forensics, or security operations leadership roles.
Proven experience leading cyber incident response teams and managing complex, high-impact incidents.
Demonstrated success in vendor/MSSP transitions or outsourcing handovers in a cybersecurity context.
Strong understanding of detection technologies (SIEM, EDR/XDR, SOAR, threat intelligence platforms) and experience improving detection efficacy.
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field (Master's preferred).
Relevant certifications such as CISSP, CISM, GIAC GCFA/GCIH/GCTI, or similar.
Exceptional leadership, communication, and stakeholder management skills — able to translate technical details for non-technical audiences.
Strong project/program management abilities, especially in high-stakes transitions.
Analytical mindset with experience in root cause analysis and threat hunting.
Ability to thrive in a fast-paced, high-pressure environment with on-call responsibilities.
Strategic thinker focused on long-term program maturity and risk reduction.

Nice To Haves

Experience in a regulated industry (e.g., finance, healthcare, critical infrastructure).
Hands-on technical experience with tools such as Splunk, Elastic, CrowdStrike, Microsoft Defender, Sentinel, or similar.
Prior experience building or maturing an internal SOC/IR function while reducing MSSP dependency.

Responsibilities

Lead the Cyber Incident Response Program
Oversee the full incident response lifecycle: preparation, identification, containment, eradication, recovery, and post-incident lessons learned (per NIST SP 800-61 or similar frameworks).
Manage day-to-day incident response operations, including triage, investigation coordination, forensic analysis, and executive-level reporting.
Develop, maintain, and regularly test incident response playbooks, runbooks, and escalation procedures.
Enhance Detection Capabilities
Drive continuous improvement of threat detection engineering, including tuning of SIEM rules, EDR/XDR configurations, threat intelligence integration, and behavioral analytics.
Collaborate with SOC, threat hunting, and security engineering teams to reduce false positives, accelerate mean time to detect (MTTD) and respond (MTTR), and implement proactive detection use cases.
Lead initiatives to mature internal blue-team capabilities across endpoints, cloud, identity, network, and email environments.
Manage MSSP Services Transition
Lead the end-to-end transition of MSSP services from the current provider to the new partner, including planning, knowledge transfer, contract/SLA alignment, and cutover execution.
Conduct due diligence on the new MSSP, define transition success criteria, and mitigate risks during handover (e.g., service continuity, data migration, access controls).
Establish governance for the new MSSP relationship, including performance monitoring, regular service reviews, incident handoff protocols, and continuous improvement feedback loops.
Ensure the transition strengthens rather than disrupts detection and response effectiveness.
Team Leadership & Development
Build, mentor, and lead a high-performing incident response team (internal analysts, responders, and cross-functional partners).
Provide performance management, career development, and technical coaching to team members.
Foster a culture of continuous learning, tabletop exercises, red/blue team simulations, and post-incident reviews.
Stakeholder Collaboration & Reporting
Serve as the primary point of contact for major incidents, briefing executive leadership, legal, compliance, and external regulators as needed.
Coordinate with IT, legal, risk, business units, and external partners (e.g., law enforcement, forensics firms) during incidents.
Produce executive-level reports on incident trends, program maturity, detection improvements, and transition status.
Program Maturity & Compliance
Align incident response practices with industry standards (NIST, ISO 27001, MITRE ATT&CK, etc.) and regulatory requirements.
Drive metrics-driven improvements and maturity assessments for the IR program.
Contribute to enterprise-wide security initiatives, including vulnerability management, threat intelligence, and security awareness.