Senior Security Operations Manager, Detection Engineering & Incident Response

Pure Storage•Santa Clara, CA

10h•$225,000 - $338,000•Onsite

About The Position

We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry. This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us. THE ROLE The Senior Manager, Security Operations – Detection Engineering & Incident Response will lead and evolve Pure’s Security Operations (SecOps) function across Detection Engineering, Threat Intelligence, and Incident Response (CIDR). The mission is to transform SecOps into a proactive, intelligence-driven, and outcome-oriented program that measurably reduces enterprise risk and strengthens security posture across cloud, SaaS, infrastructure, and endpoint environments. This role sits at the intersection of detection, incident response, threat hunting, attack surface management, and platform security. You’ll build and mature a high-signal detection and response system — from telemetry pipelines to actionable alerts — ensuring every detection maps to real attacker behavior and closes meaningful risk paths. You’ll partner closely with leaders across GRC, Product Security, Infrastructure, IAM, and Engineering to operationalize risk-informed detections, mature IR processes, and drive measurable improvements in security posture.

Requirements

10+ years in cybersecurity, including 5+ years in detection, incident response, or SecOps leadership
Proven experience leading detection engineering and incident response teams at enterprise scale
Deep expertise with: SIEM (Splunk preferred), SOAR (Tines, XSOAR), and EDR (CrowdStrike)
Cloud telemetry and detection (CloudTrail, GuardDuty, VPC flow)
Threat modeling, MITRE ATT&CK, and TTP-to-detection lifecycle
Experience with detection-as-code practices, version control, and CI/CD pipelines
Hands-on skills validating detections through replay, simulation, and log mining
Familiarity with frameworks such as CIS Controls, NIST 800-53, and SOC 2
Ability to translate complex security data into clear, executive-level insights
Proven cross-team collaboration with Infra, GRC, Product Security, and App teams
Strong written and verbal communication with an emphasis on clarity and measurable outcomes

Nice To Haves

Experience operating in hybrid cloud and SaaS-heavy environments
Understanding of attacker behavior, threat intel feeds, and threat hunting workflows
Familiarity with secrets detection, data exfiltration indicators, and IAM anomaly detection
Certifications such as CISSP, GCIH, GCIA, OSCP, AWS Security, or equivalent

Responsibilities

Lead and mature the Detection Engineering and CIDR functions across threat detection, response workflows, incident triage, and automation
Build and maintain a comprehensive detection inventory categorized by threat type, log source, MITRE mapping, and detection method
Drive continuous validation through red team, purple team, and atomic testing
Own key SecOps metrics such as MTTD, MTTR, and alert quality to improve signal-to-noise ratio and detection confidence
Oversee ingestion of telemetry (AWS, Azure, SaaS, endpoint, network) into Splunk and SOAR pipelines
Ensure incident response workflows are automated, repeatable, and outcome-focused
Lead post-incident reviews and root-cause analyses, tracking corrective actions to closure
Correlate threat intelligence, detection gaps, and hunt findings into prioritized roadmap updates
Drive detection-to-remediation loops by partnering with ASM, Infra, IAM, AppSec, and GRC teams
Produce dashboards that connect technical posture to business risk and ownership metrics
Lead scenario-based tabletops, detection drills, and incident simulations