×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Security Manager

Director, Security Operations

Job in Alpharetta, Fulton County, Georgia, 30239, USA
Listing for: Agilysys.
Full Time position
Listed on 2026-01-12
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Job Description & How to Apply Below

Director of Security Operations

This is an In-Office Role. Local Candidates Only.

Overview

The Director of Security Operations is responsible for leading and maturing the organization’s cyber defense capabilities, including Security Operations (SOC), Incident Response, and Vulnerability Management. This role ensures rapid detection, investigation, containment, and recovery from security incidents while proactively reducing risk through identification of vulnerabilities. Reporting to CISO, this leader drives a risk-based security operations strategy aligned with business objectives, regulatory requirements, and industry best practices.

Key Responsibilities Security Operations, Incident Response Leadership & Threat Hunting
  • Lead and oversee 24x7 security operations and enterprise incident response capabilities.
  • Own the Incident Response (IR) program, including policies, playbooks, escalation paths, and communication protocols.
  • Ensure rapid identification, containment, eradication, and recovery from security incidents.
  • Act as executive incident commander for high‑severity incidents, coordinating technical, legal, privacy, communications, and business stakeholders.
  • Conduct and oversee post‑incident reviews, root cause analysis, and corrective action plans.
  • Ensure lessons learned are translated into improved detections, controls, and preventive measures.
  • Lead tabletop exercises and simulate cyber incidents to validate readiness and executive decision‑making.
  • Establish and mature a structured threat hunting program focused on identifying advanced, persistent, and evasive threats not detected by automated controls.
  • Direct hypothesis‑driven threat hunts using adversary TTPs, threat intelligence, and MITRE ATT&CK mappings.
  • Ensure threat hunting outcomes drive improvements in detection logic, alert fidelity, and preventive controls.
Vulnerability & Exposure Management
  • Own the enterprise vulnerability management program across infrastructure, endpoints, applications, containers, and cloud platforms.
  • Establish risk‑based vulnerability prioritization using exploitability, business impact, asset criticality, and threat intelligence.
  • Oversee vulnerability scanning, validation, remediation tracking, and executive reporting.
  • Drive continuous improvement in remediation SLAs and vulnerability reduction metrics.
Threat Detection & Security Engineering Enablement
  • Guide development and tuning of threat detection use cases aligned to the MITRE ATT&CK framework.
  • Ensure comprehensive telemetry coverage across endpoint, identity, network, cloud, and SaaS environments.
  • Integrate vulnerability, misconfiguration, and threat intelligence to improve exposure‑based detection and response.
  • Partner with Security Architecture and Engineering teams to operationalize secure‑by‑design and preventive controls.
Governance, Metrics & Executive Reporting
  • Define and track operational SLAs, KPIs, and KRIs for SOC performance, incident response effectiveness, vulnerability management, and configuration security.
  • Provide clear, concise, risk‑based reporting to executive leadership and the Board.
  • Support regulatory, audit, and customer assurance activities (SOC 2, PCI, SOX, etc.), including incident response evidence and reporting.
People, Program & Vendor Leadership
  • Build, mentor, and lead high‑performing SOC, IR, and vulnerability management teams.
  • Establish on‑call, escalation, and follow‑the‑sun operational models.
  • Manage security operations vendors, MDR providers, and tooling investments to maximize coverage and efficiency.
  • Drive automation through SOAR and workflow orchestration to improve response speed and consistency.
Qualifications Required
  • 10+ years of progressive experience in cybersecurity, including deep expertise in Security Operations and Incident Response.
  • 5+ years of experience leading SOC and IR teams in enterprise or SaaS environments.
  • Extensive experience leading and working with international cyber teams.
  • Strong hands‑on knowledge of:
    • Incident response frameworks and playbooks
    • MITRE ATT&CK and D3

      FEND frameworks
    • SIEM, SOAR, EDR/XDR technologies
    • Vulnerability management and exposure reduction
    • Cloud security and configuration management
  • Proven experience serving as incident commander for high‑severity cyber incidents.
Preferred
  • Experience with breach response coordination involving legal, privacy, and communications teams.
  • Familiarity with regulatory notification requirements and customer communications.
  • Industry certifications such as CISSP, CISM, GIAC (GCIH, GCED), or equivalent.
Key Competencies
  • Proactive threat mindset and adversary‑focused thinking
  • Crisis leadership and executive presence
  • Risk‑based decision making
  • Operational excellence and continuous improvement
  • Clear, confident communication under pressure
  • Automation and scale mindset
#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search