Security Operations Manager Remote

Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally, from rapidly growing startups to some of the world's largest enterprises. Founded in 2015, the company is one of the fastest growing companies in SaaS, raising approximately $250 million to date and valued at $1.6 billion. Apollo.io provides sales and marketing teams with easy access to verified contact data for over 210 million B2B contacts and 35 million companies worldwide, along with tools to engage and convert these contacts in one unified platform.

By helping revenue professionals find the most accurate contact information and automating the outreach process, Apollo.io turns prospects into customers.

Apollo raised a series D in 2023 and is backed by top-tier investors, including Sequoia Capital, Bain Capital Ventures, and more, and counts the former President and COO of Hubspot, JD Sherman, among its board members.

The Security Operations Manager is a hands-on leader responsible for ensuring Apollo’s ability to detect, investigate, respond to, and recover from security incidents effectively and s role blends strong people leadership, cross-functional collaboration, and deep technical expertise in modern security operations. The Manager is expected to lead by example, remain technically engaged, and actively contribute to investigations and high-severity incidents.

This role operates in a fully remote environment and requires excellent asynchronous communication and collaboration skills.

• Own and continuously improve end-to-end Security Operations processes, including detection, investigation, escalation, response, and post-incident activities.
• Act as senior incident leader for high-severity incidents, ensuring timely containment, calm and structured decision-making, and clear stakeholder communication.
• Lead and participate in complex security investigations spanning cloud infrastructure, SaaS platforms, corporate systems, user behavior, and abuse scenarios.
• Ensure high-quality post-incident reviews with clear root cause analysis, actionable remediation, and accountability for follow-through.

• Define and evolve SIEM strategy, including log source onboarding, detection use cases, alert tuning, data quality standards, and coverage validation.
• Oversee creation and maintenance of detection logic, correlation rules, investigation playbooks, and response workflows.
• Drive automation and orchestration initiatives to reduce manual effort and accelerate triage and response.
• Champion the use of AI-assisted tools and techniques to expedite investigation, enrichment, decision-making, and response.
• Build, lead, and retain a high-performing Security Operations team in a fully remote, distributed environment.
• Foster a culture of trust, psychological safety, operational excellence, and continuous learning.
• Provide clear expectations, regular feedback, and coaching aligned with individual strengths and career aspirations.
• Establish and maintain clear career growth paths, helping engineers develop technical depth, operational ownership, and leadership capabilities.
• Support onboarding, mentorship, documentation, and knowledge-sharing practices to strengthen team resilience and reduce single points of failure.

• Partner closely with Engineering, IT, Fraud, Legal, People, Support, and Product teams during investigations, incidents, and improvement initiatives.
• Collaborate deeply with Fraud teams on abuse, account compromise, automation misuse, and anomalous behavior investigations.
• Communicate security risk, incident impact, and remediation plans clearly to both technical and non-technical stakeholders.
• Define, track, and improve operational security metrics such as detection quality, investigation effectiveness, response outcomes, and incident trends.
• Translate business risk and platform changes into actionable operational priorities and roadmap initiatives.
• Contribute to the long-term Security Operations strategy for a cloud-native, SaaS-first platform
  , with GCP as the primary cloud environment.

We expect strong candidates to meet most of these requirements; seniority may be calibrated based on demonstrated scope and impact.

• 5+ years of experience in Security Operations or Incident Response.
• Last 2+ years of people management experience, including hiring, coaching, and performance management, ideally in a remote-first environment.
• Strong hands-on experience with SIEM platforms (experience with Panther is highly valued), detection engineering, log analysis, and security investigations.
• Experience designing and automating security workflows and response processes.
• Experience with cloud-native platforms (
  GCP preferred; AWS and Azure also relevant) and SaaS applications.
• Proficiency in Python for automation, analysis, and tooling; familiarity with Ruby is a…