Tech Stack

Description

We are seeking a Manager, Security Operations to lead and modernize our enterprise security operations function. In this role, you will own the execution and continuous improvement of security operations, from incident response and detection engineering to automation and metrics, while partnering with internal teams and managed service providers. This is a builder-focused leadership role where you will have the mandate to design modern playbooks, improve signal quality, and scale operations to achieve measurable outcomes.

Requirements

• 5+ years of experience in Security Operations, Incident Response, or SOC-related roles
• 2+ years of direct experience managing and operating ServiceNow SIR
• Experience with EDR and SIEM platforms (e.g., Microsoft Defender, Sentinel)
• Experience managing blended teams with internal and external resources
• Strong understanding of incident response methodologies and automation

Responsibilities

• Lead a blended security operations model combining internal analysts, nearshore/offshore resources, and managed service providers
• Own ServiceNow Security Incident Response (SIR) workflows, data models, and operating procedures
• Design and implement SIR playbooks to automate triage, enrichment, containment, and response actions
• Oversee detection and response capabilities across EDR and SIEM platforms (including Microsoft Azure security capabilities)
• Define, track, and improve MTTx metrics using data to prioritize automation and process improvements