Posted Apr 16, 2026

Lead & Detect & Response

Role Purpose:

This role leads the Detect and Respond function, responsible for incident response, threat detection, and cyber defense operations across cloud, endpoint, and identity systems. The goal is to strengthen the organization's ability to detect, respond to, and recover from cyber threats quickly and effectively, while fostering a culture of proactive security across the company.

Role Value:

The role directly supports the organization's trust, resilience, and compliance objectives. By improving detection capabilities, automating response processes, and reducing incident impact, this position helps protect customer data, business operations, and overall company reputation.

Example Responsibilities:

• Own and evolve the overall Detect & Respond strategy, partnering with Technology, Engineering, and managed service providers to advance the organization's security posture.
• Lead the 24/7 Security Operations Center (SOC) and govern the end-to-end incident response lifecycle (prepare, detect, contain, eradicate, recover, lessons learned).
• Manage external incident response retainers, vendors, and threat intelligence services, ensuring relevant intelligence is contextualized and acted upon.
• Oversee detection engineering and threat hunting across SIEM, endpoint, and cloud telemetry platforms.
• Support the creation, maintenance, and operationalization of incident response playbooks and escalation processes.
• Ensure all Detect & Respond controls, processes, and automations operate effectively and are continuously improved.
• Lead security crisis simulations, tabletop exercises, and post-incident reviews to improve organizational readiness.
• Collaborate with Engineering, IT, and Product teams to guide secure design, response preparedness, and operational controls.
• Track and report KPIs/KRIs (e.g., MTTD, MTTR, detection coverage %, incident closure rate, SIEM ingestion efficiency).
• Identify, document, and report risks to executive leadership.
• Manage CSIRT relationships, escalation protocols, and cross-team coordination during major incidents.
• Oversee and support penetration testing, vulnerability management, and red/purple team exercises.
• Drive security awareness initiatives and promote a positive cybersecurity culture across teams.
• Ensure lessons learned from incidents and exercises feed back into improved detections, playbooks, and training.

Experience and Qualifications:

• 8+ years of experience in Cybersecurity Operations, DFIR, Threat Detection, or SOC leadership, including experience leading teams.
• Proven success in designing and implementing unified detection and response programs across cloud, endpoint, and enterprise environments.
• Experience leading investigations involving Advanced Persistent Threats (APT), malware, and targeted attacks.
• Deep understanding of AWS Security (CloudTrail, GuardDuty, IAM, KMS, S3, Lambda, EKS) and CrowdStrike Falcon (EDR, CNAPP, Identity, DLP).
• Strong background in SIEM engineering, threat hunting (KQL/Sigma), and automation using Python.
• Practical experience in incident management, digital forensics, and data breach response.
• Working knowledge of MITRE ATT&CK, ISO 27001, SOC 2, and PCI DSS frameworks.
• Experience managing and optimizing partnerships with third-party security providers and MSSPs.
• Excellent analytical, communication, and leadership skills with a structured, hands-on approach.
• Relevant certifications such as CISSP, CISM, CEH, or GIAC preferred.
• Fast learner, adaptable, and capable of operating in a global, fast-paced, and collaborative environment.

Key Characteristics and Attitudes:

• Friendly and supportive
• Adaptable and flexible
• Articulate and persuasive
• High IQ and EQ
• Curious and coachable
• Commercially aware
• Resilient and tenacious
• Big-picture thinking with strong attention to detail