Director, Security Operations

Director, Security Operations

The Director of Security Operations leads and matures the organization’s cyber defense capabilities, including Security Operations (SOC), Incident Response, and Vulnerability Management. This role ensures rapid detection, investigation, containment, and recovery from security incidents while proactively reducing risk through identification of vulnerabilities. Reporting to the Chief Information Security Officer (CISO), this leader drives a risk‑based security operations strategy aligned with business objectives, regulatory requirements, and industry best practices.

Key Responsibilities Security Operations, Incident Response Leadership & Threat Hunting

• Lead and oversee 24x7 security operations and enterprise incident response capabilities.
• Own the Incident Response (IR) program, including policies, playbooks, escalation paths, and communication protocols.
• Ensure rapid identification, containment, eradication, and recovery from security incidents.
• Act as executive incident commander for high‑severity incidents, coordinating technical, legal, privacy, communications, and business stakeholders.
• Conduct and oversee post‑incident reviews, root‑cause analysis, and corrective action plans.
• Ensure lessons learned are translated into improved detections, controls, and preventive measures.
• Lead tabletop exercises and simulate cyber incidents to validate readiness and executive decision‑making.
• Establish and mature a structured threat‑hunting program focused on identifying advanced, persistent, and evasive threats not detected by automated controls.
• Direct hypothesis‑driven threat hunts using adversary TTPs, threat intelligence, and MITRE ATT&CK mappings.
• Ensure threat‑hunting outcomes drive improvements in detection logic, alert fidelity, and preventive controls.

Vulnerability & Exposure Management

• Own the enterprise vulnerability management program across infrastructure, endpoints, applications, containers, and cloud platforms.
• Establish risk‑based vulnerability prioritization using exploitability, business impact, asset criticality, and threat intelligence.
• Oversee vulnerability scanning, validation, remediation tracking, and executive reporting.
• Drive continuous improvement in remediation SLAs and vulnerability reduction metrics.

Threat Detection & Security Engineering Enablement

• Guide development and tuning of threat detection use cases aligned to the MITRE ATT&CK framework.
• Ensure comprehensive telemetry coverage across endpoint, identity, network, cloud, and SaaS environments.
• Integrate vulnerability, misconfiguration, and threat intelligence to improve exposure‑based detection and response.
• Partner with Security Architecture and Engineering teams to operationalize secure‑by‑design and preventive controls.

Governance, Metrics & Executive Reporting

• Define and track operational SLAs, KPIs, and KRIs for SOC performance, incident response effectiveness, vulnerability management, and configuration security.
• Provide clear, concise, risk‑based reporting to executive leadership and the Board.
• Support regulatory, audit, and customer assurance activities (SOC 2, PCI, SOX, etc.), including incident response evidence and reporting.

People, Program & Vendor Leadership

• Build, mentor, and lead high‑performing SOC, IR, and vulnerability management teams.
• Establish on‑call, escalation, and follow‑the‑sun operational models.
• Manage security operations vendors, MDR providers, and tooling investments to maximize coverage and efficiency.
• Drive automation through SOAR and workflow orchestration to improve response speed and consistency.

Required Qualifications

• 10+ years of progressive experience in cybersecurity, including deep expertise in Security Operations and Incident Response.
• 5+ years of experience leading SOC and IR teams in enterprise or SaaS environments.
• Extensive experience leading and working with international cyber teams.
• Strong hands‑on knowledge of:
  • Incident response frameworks and playbooks
  • MITRE ATT&CK and D3
    
    FEND frameworks
  • SIEM, SOAR, EDR/XDR technologies
  • Vulnerability management and exposure reduction
  • Cloud security and configuration management
• Proven experience serving as incident commander for high‑severity cyber incidents.

Preferred Qualifications

• Experience with breach response coordination involving legal, privacy, and communications teams.
• Familiarity with regulatory notification requirements and customer communications.
• Industry certifications such as CISSP, CISM, GIAC (GCIH, GCED), or equivalent.

Key Competencies

• Proactive threat mindset and adversary‑focused thinking
• Crisis leadership and executive presence
• Risk‑based decision making
• Operational excellence and continuous improvement
• Clear, confident communication under pressure
• Automation and scale mindset

Seniority level:
Director

Employment type:

Full‑time

Job function:
Other, Information Technology, and Management

Industries:
Software Development

#J-18808-Ljbffr