Senior Director, Security Threat

EcolabSaint Paul, MN
$168,400 - $252,600Remote

About The Position

The Director of Threat Management is responsible for leading the enterprise detection and response function, owning the reactive side of security: identifying, investigating, and containing threats across a global Fortune 500 environment. This role provides leadership for the Security Operations Center (SOC), Cyber Threat Intelligence (CTI), Detection Engineering, and Incident Response (IR), and is accountable for the speed and quality of threat detection, triage, investigation, and response across the enterprise. The Director of Threat Management leads a 24x7 monitoring and response organization while advancing the detection engineering pipeline, maturing threat intelligence integration, and driving measurable improvement in mean time to detect and mean time to respond. The role combines strategic direction, operational accountability, and organizational leadership to reduce enterprise risk from active and emerging threats, partnering closely with the platform engineering team that owns the underlying security tooling.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related discipline; equivalent experience may be considered.
  • 12+ years of progressive experience in cybersecurity, security operations, threat detection, incident response, or threat intelligence.
  • 5+ years of leadership experience managing multi-team security operations or threat functions at the Senior Manager or Director level.
  • Demonstrated success leading detection and response programs across SOC operations, detection engineering, threat intelligence, and incident response.
  • Experience managing 15+ person organizations including managers, analysts, and engineers with varied technical specializations.
  • Experience leading major incident response and driving measurable improvement in detection coverage and response times.
  • Experience building or standing up new detection, intelligence, or response capabilities, teams, or services.
  • Strong knowledge of SIEM and log management platforms and log storage technologies such as Elasticsearch or Splunk, including data onboarding, retention, and detection content management.
  • Strong knowledge of security orchestration, automation, and response (SOAR) platforms such as Swimlane or Cortex XSOAR.
  • Strong knowledge of detection engineering practices, detection-as-code, and detection coverage mapped to MITRE ATT&CK.
  • Experience with the cyber threat intelligence lifecycle, threat actor tracking, and intelligence-led detection and hunting.
  • Experience with incident response frameworks, forensic investigation concepts, and major incident coordination.
  • Understanding of threat detection across cloud (Azure, AWS, GCP), endpoint, network, and identity telemetry sources.
  • Familiarity with security frameworks and models such as MITRE ATT&CK, NIST CSF 2.0, and the cyber kill chain.

Nice To Haves

  • Experience in a Fortune 500, global, manufacturing, or industrial environment with complex, heterogeneous technology estates.
  • Prior experience standing up or transforming a SOC, threat intelligence, detection engineering, or incident response function.
  • Experience with threat detection and response in operational technology (OT) or industrial control system (ICS) environments.
  • Familiarity with platforms such as Elastic, Splunk, Swimlane, Cortex XSOAR, CrowdStrike, or Microsoft Sentinel.
  • Relevant certifications such as CISSP, CISM, GCIH, GCIA, GCTI, or GCFA.

Responsibilities

  • Define and own the enterprise threat detection and response strategy, roadmap, and operating model aligned to cybersecurity, risk, and business objectives.
  • Mature the threat management program through formal governance, playbooks, standards, metrics, and leadership reporting.
  • Present detection and response posture, incident trends, risks, and investment needs to security leadership and executive stakeholders.
  • Establish and monitor KPIs such as mean time to detect (MTTD), mean time to respond (MTTR), detection coverage, and alert quality.
  • Lead prioritization decisions across the SOC, threat intelligence, detection engineering, and incident response functions.
  • Lead a 24x7 Security Operations Center responsible for monitoring, alert triage, escalation, and initial investigation across the enterprise.
  • Own the detection content lifecycle within the SIEM, and define data source onboarding, log storage, and retention requirements for the platform-owning team.
  • Drive continuous improvement in alert quality, triage efficiency, and analyst workflow to reduce noise and analyst fatigue.
  • Establish tiered operating models, shift coverage, and escalation paths that ensure consistent 24x7 response readiness.
  • Oversee SOC performance metrics, service levels, and quality assurance across monitoring and triage activities.
  • Lead the detection engineering function responsible for building, tuning, and maintaining detection content across SIEM and security telemetry sources.
  • Drive a detection-as-code approach with version control, testing, peer review, and measurable detection coverage mapped to MITRE ATT&CK.
  • Prioritize detection development against threat intelligence, red team findings, incident learnings, and emerging adversary techniques.
  • Establish metrics for detection coverage, efficacy, and false-positive rates, and drive continuous tuning based on outcomes.
  • Partner with engineering and platform teams to ensure high-quality, well-structured log and telemetry sources feed detection pipelines.
  • Lead the Cyber Threat Intelligence function responsible for strategic, operational, and tactical intelligence supporting detection and response.
  • Operationalize threat intelligence by driving indicator enrichment, threat actor tracking, and intelligence-led detection and hunting priorities.
  • Deliver executive and stakeholder threat briefings that translate the threat landscape into business-relevant risk and action.
  • Establish threat hunting programs that proactively search for adversary activity across the environment ahead of alerting.
  • Manage intelligence sources, sharing partnerships, and integration of intelligence into SIEM, SOAR, and detection workflows.
  • Own the enterprise incident response process across detection, triage, containment, eradication, recovery, and post-incident review.
  • Lead major incident coordination, serving as an escalation point and driving cross-functional response during significant events.
  • Establish and maintain incident response playbooks, runbooks, and tabletop exercises to ensure organizational readiness.
  • Drive post-incident reviews and lessons-learned processes that feed detection improvements and control gaps back into the program.
  • Partner with legal, communications, IT, and business stakeholders to ensure coordinated response and regulatory notification where required.
  • Define detection and response requirements, use cases, and priorities for the SIEM, SOAR, and log storage platforms owned and operated by the platform engineering team.
  • Partner with the platform-owning team to shape roadmap, data onboarding, retention, and automation priorities that serve detection and response needs.
  • Specify SOAR automation use cases for triage, enrichment, and response, and validate that delivered automations meet analyst workflow requirements.
  • Provide feedback on tooling performance, gaps, and integration needs to drive a unified, efficient analyst workflow across detection, intelligence, and response.
  • Use modern tools including AI-assisted workflows to accelerate investigation, analysis, documentation, and decision-making across the team.
  • Lead and develop a distributed threat management organization consisting of managers, analysts, detection engineers, threat intelligence analysts, and incident responders.
  • Build organizational clarity across the SOC, threat intelligence, detection engineering, and incident response functions.
  • Provide leadership in talent development, succession planning, coaching, performance management, and team engagement.
  • Manage staffing strategy across full-time employees, partners, and contingent resources, including managed detection and response providers where applicable.
  • Oversee third-party vendors and consulting partners supporting threat management programs and services.

Benefits

  • Annual bonus
  • Long-term incentives
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service