Vice President, Cyber Threat Center (R-18811)

About The Position

Requirements

• 12–15+ years of progressive cybersecurity experience with 7+ years leading large, global teams across two or more of: SOC/IR, Detection Engineering/Automation, CTI, and Vulnerability/Exposure Management.
• Proven executive leadership in 24x7 operations, major incident command, and cross-functional crisis management.
• Demonstrated success building engineering-centric programs (detection-as-code, CI/CD for detections, telemetry pipelines, SOAR automation) and driving measurable outcomes.
• Experience operating at enterprise scale (multi-cloud, hybrid, distributed workforce) and in regulated industries.
• Hands-on familiarity with modern stacks and patterns (examples):
• SIEM/XDR: Splunk, Chronicle, Microsoft, CrowdStrike, SentinelOne
• SOAR/Automation: XSOAR, Tines, Swimlane, custom orchestrations
• Threat Intel/TIP: Recorded Future, Anomali, MISP
• Vulnerability/Exposure: Tenable, Qualys, Rapid7, Wiz, ASM/CSPM
• Cloud & Containers: GCP/AWS/Azure; Kubernetes, GKE/EKS/AKS
• Experience with red/purple teaming and detection engineering mapped to MITRE ATT&CK.
• Background managing budgets ($MM), vendor ecosystems, and outcomes-based contracts.

Responsibilities

• Set Strategy & Operating Model - Define and execute the multi‑year Cyber Threat Center strategy and global follow‑the‑sun model, including org design, talent plan, and partner ecosystem.
• Lead 24x7 SOC & Incident Response - Oversee monitoring, triage, investigation, and response; act as executive incident commander for material events with strong crisis communications.
• Detection Engineering (Detection-as-Code) - Govern a detection-as-code program (CI/CD, testing, version control), map coverage to MITRE ATT&CK, and maintain a detection registry.
• Scale Automation & Orchestration - Drive SOAR and custom automations for enrichment and response; increase automation coverage and reduce MTTD/MTTR and analyst toil.
• Direct Threat Intelligence (CTI) - Set PIRs, run collection and analysis, deliver actionable intel products, and convert TTPs into detections; collaborate with ISACs and law enforcement.
• Own Vulnerability & Exposure Management - Lead threat-based VM across infrastructure, cloud/containers/K8s, and SaaS; enforce remediation SLAs and deliver unified exposure views.
• Establish Metrics & Executive Reporting - Define OKRs/KPIs (e.g., MTTD/MTTR, detection coverage, exposure reduction) and communicate outcomes, risks, and trends to senior leadership and the Board.
• Ensure Readiness & Resilience - Maintain IR plans, playbooks, and crisis processes; run tabletop/purple-team exercises; oversee DFIR, malware analysis, and evidence handling.
• Partner on AI, Architecture, Identity & Cloud Security - Influence roadmaps (zero trust, logging/telemetry standards) and align controls with frameworks/regulations (NIST/ISO/PCI/GDPR, etc.). Understand risks to AI and the detection and response lifecycle related to AI threats.
• Manage Technology, Vendors & Budget - Rationalize tooling for capability and cost efficiency; manage contracts, outcomes-based engagements, third-party integration, and M&A onboarding.
• Build High-Performance Teams & Culture - Recruit, develop, and mentor global leaders; drive efficiency, continuous learning, and clear planning.

Benefits

• Generous paid time off in your first year, increasing with tenure.
• Up to 16 weeks 100% paid parental leave after one year of employment.
• Paid sick time to care for yourself or family members.
• Education assistance and extensive training resources.
• Do Good Program: Paid volunteer days & donation matching.
• Competitive 401k with company matching.
• Health & wellness benefits, including discounted Wellhub membership rates.
• Medical, dental & vision insurance for you, spouse/partner & dependents.