Senior Manager, Cybersecurity Operations

Senior Manager, Cybersecurity Operations

Join to apply for the Senior Manager, Cybersecurity Operations role at Rocket EMS

$/yr - $/yr

Rocket EMS is seeking a hands‑on Senior Manager, Cybersecurity Operations
, to lead and mature our enterprise security operations program. This role owns the technical direction and execution of cybersecurity operations, including SIEM and SOAR engineering, detection and response, email threat defense, and cloud, network, and endpoint security across a hybrid, Azure‑centric environment. Role will report to the CIO & Head of Cybersecurity.

This is a technical leadership role, not a GRC or compliance or new grad position. You will lead experienced cybersecurity engineers and partner closely with a Managed SOC (MSOC) to deliver 24×7 monitoring, automation‑driven response, and continuous improvement of security operations.

• Own and operate enterprise cybersecurity operations across on‑prem, cloud, and hybrid environments.
• Lead Microsoft Sentinel SIEM engineering, including advanced KQL query development, analytics rules, incident workflows, and dashboards.
• Design and maintain SOAR automation and playbooks to accelerate investigation and response.
• Improve detection quality, reduce alert fatigue, and optimize MTTR/MTTD.
• Oversee endpoint, network, identity, email, and cloud security platforms.
• Act as the senior technical escalation point for complex alerts and investigations.

• Own operational defense against phishing, business email compromise malicious attachments, AI generated attacks and OAuth‑based attacks.
• Define and optimize user‑reported email workflows and automated remediation actions.
• Lead response to email‑borne account takeover and social‑engineering incidents.
• Own and continuously improve incident response plans, playbooks, and operational readiness.
• Lead investigations involving ransomware, insider threats, and targeted attacks.
• Coordinate response with MSOC partners, IT, Cloud, and Engineering teams.
• Conduct post‑incident reviews and drive corrective actions.
• Lead threat hunting and detection coverage mapping using the MITRE ATT&CK framework.

• Lead Crowd Strike Falcon operations including detection, investigation, and response.
• Own Palo Alto Networks NGFW security, including firewall policy management, IPS/IDS, and threat prevention.
• Own the vulnerability management lifecycle from discovery through remediation.
• Drive patch automation, validation, and remediation SLAs with IT and Cloud teams.

• Ensure secure configurations and architecture across Azure, Entra , and Microsoft 365.
• Define and enforce identity security, conditional access, and privileged access controls.
• Evaluate, integrate, and optimize security tooling and platform integrations.
• Support application and cloud‑native security initiatives.

• Lead and mentor experienced cybersecurity engineers through technical guidance and career development.
• Set technical direction, review designs, and provide hands‑on leadership during incidents.
• Own the global cybersecurity on‑call rotation and escalation model.
• Serve as the escalation point for high‑severity incidents and coordinate response across teams.
• Build a culture of ownership, accountability, and operational excellence.

• Define and report operational cybersecurity KPIs and executive dashboards.
• Drive automation using SOAR, Power Shell, Python, and KQL.
• Maintain documentation including SOPs, incident playbooks, and security architecture baselines.

Note:

Only candidates with proven hands‑on technical expertise in advanced Sec Ops operations should apply. This role requires active engagement in SIEM/SOAR engineering, incident response, cloud and endpoint security, and threat detection.

• 8–12+ years of experience in cybersecurity operations or security engineering.
• 3–5+ years of experience leading Sec Ops or cybersecurity engineering teams.
• Hands‑on expertise with Microsoft Sentinel, including advanced KQL query…