Sr. Director, Cyber Threat Detection & Response

McKesson | Richmond, VA
$172,000 - $286,600 | Onsite

About The Position

The Sr. Director, Threat Detection and Response (TDR) is responsible for leading a comprehensive enterprise capability that designs, implements, and operates scalable detection and response mechanisms while driving remediation of security gaps across technology environments (cloud, endpoints, identity, network, applications, and data platforms). This leader partners closely with the CISO organization, Technology Leadership, risk/compliance, and business stakeholders to prioritize investments, set standards, and ensure measurable improvements in detection fidelity, response readiness, and remediation throughput. This role requires strong technical depth in threat detection and response as well as the leadership maturity to operate at the executive level. The Director establishes TDR strategy, roadmaps, and success metrics; governs an operating rhythm for detection coverage and remediation execution; and ensures outcomes are delivered across multiple teams (often via influence).

Requirements

  • Degree or equivalent experience.
  • Typically requires 15+ years of professional experience and 10+ years of diversified leadership, planning, communication, organization, and people motivation skills (or equivalent experience).
  • 15+ years of cybersecurity experience with significant depth in threat detection, incident response, and security operations, including 10+ years leading teams and/or enterprise programs.
  • Hands-on and leadership experience with detection and response platforms and practices (SIEM content engineering, EDR/XDR, SOAR automation, threat intel integration, logging/telemetry pipelines, and case management).
  • Proven ability to drive remediation outcomes at scale: establishing SLAs, clarifying ownership, prioritizing backlogs, and closing systemic gaps surfaced by incidents, hunts, and assessments.
  • Executive-ready communication and stakeholder management skills, including the ability to present risk, progress, and investment needs to senior leadership and influence decisions.
  • Demonstrated ability to set strategy, secure organizational alignment/approvals, and deliver outcomes through multiple stakeholders (Security, Infrastructure, Cloud, Application/Product, and business teams).
  • Deep understanding of detection engineering, telemetry pipelines, and security analytics: SIEM content engineering, EDR/XDR detections, SOAR automation, threat intelligence integration, alert triage models, and case management workflows.
  • Strong risk communication skills: able to translate detection gaps and remediation tradeoffs into business impact, present to executives, and drive decisions to closure.
  • Experience establishing oversight metrics and operational rhythms (OKRs/KPIs, reporting, service reviews) and using data to improve alert quality, reduce noise, and accelerate remediation throughput.
  • Working knowledge of relevant governance and regulatory expectations and the ability to partner effectively with audit/compliance and privacy stakeholders while operating an effective detection and response capability.
  • Track record of building high-performing teams and leading with integrity, accountability, and operational discipline; known for clear communication, sound judgment, and reliable execution.
  • Experience developing multi-year roadmaps and influencing investment decisions (people, tooling, telemetry, automation) to improve enterprise detection and remediation outcomes.
  • Proven capability managing vendor relationships and service contracts for security tooling and managed services, including defining requirements and measuring performance against outcomes.
  • Strong understanding of privacy considerations and appropriate monitoring practices; able to partner with Legal/Privacy and HR as needed and ensure monitoring and investigations remain within policy and regulatory boundaries.
  • Experience operating in hybrid/cloud environments and partnering with platform teams to instrument systems (cloud logging, identity signals, endpoint telemetry, network data) for reliable detections.
  • Strong strategic and tactical decision-making: able to balance speed and risk, define compensating controls, and drive complex remediation decisions across multiple owners.
  • Experience leading or sponsoring purple team activities, tabletop exercises, and control validation to continuously improve detection coverage and response playbooks.
  • Trusted leader who builds credibility with executives and teams through transparency, follow-through, and a strong culture of operational excellence.
  • Bachelor's degree in computer science, information security/assurance, engineering, or a related field; advanced degree preferred, or equivalent experience.
  • Relevant certifications (preferred): CISSP, CISM, GIAC/SANS, +, SSCP, or equivalent foundational security certification.
  • TDR/SecOps certifications (a plus): Google Cloud Professional Cloud Security Engineer and/or Associate Cloud Engineer, Google Professional Cloud DevOps Engineer, and/or GIAC certifications (e.g., GSEC, GCIH) depending on role focus, and/or cloud/security engineering certifications aligned to the team's platforms.

Responsibilities

  • Define and own the enterprise TDR strategy and operating model (detection engineering, alerting standards, response readiness, and remediation governance) aligned to business risk and technology priorities.
  • Establish and report executive-level metrics and scorecards (e.g., detection coverage, alert quality, MTTD/MTTR, response readiness, remediation SLAs, risk reduction) and drive continuous improvement based on outcomes.
  • Lead selection, adoption, and lifecycle management of detection and response tooling and telemetry (SIEM, EDR/XDR, SOAR, UEBA, threat intel integrations, cloud logging, and case management), including integration standards and data quality requirements.
  • Partner with Security Operations (SOC/CSIRT), threat intelligence, vulnerability management, and platform teams to ensure detections map to prioritized threats and that response playbooks and automation are effective and current.
  • Establish remediation governance to drive closure of systemic security gaps identified through incidents, threat hunting, purple teaming, and control validation; ensure clear ownership, prioritization, timelines, and exception processes.
  • Drive enterprise telemetry and logging strategy in partnership with engineering and infrastructure: ensure critical systems are instrumented, logs are retained appropriately, and detections can be built and tuned against reliable data sources.
  • Lead and develop TDR talent (leaders, detection engineers, analysts) through hiring, coaching, performance management, and capability development; ensure teams have the training, tools, and operating discipline required for success.
  • Manage cross-functional stakeholder relationships and communications (Technology leaders, risk/compliance, audit, legal/privacy as needed), translating technical risk into business impact and driving alignment on funding, priorities, and delivery commitments.
  • Provide governance for incident and post-incident remediation: ensure lessons learned translate into durable control improvements, and conduct regular exercises/tabletops to validate readiness and benchmark progress.

Benefits

  • Competitive compensation package
  • Annual bonus
  • Long-term incentive opportunities
© 2026 Teal Labs, Inc