Jobs · North Carolina

Director, (Cyber) Security Operations

Relias · Morrisville, NC · Yesterday
Full-time

About the role

The Director of (Cyber) Security Operations is a cyber leadership role responsible for establishing, directing, and continuously maturing the organization’s security operations capabilities to detect, prevent, respond to, and recover from cybersecurity threats and incidents.

Responsibilities

  • Lead the strategic direction, operating model, and maturity roadmap for the security operations function, including monitoring, detection, response, and operational resilience activities.
  • Oversee security operations center (SOC) capabilities, whether internal, outsourced, or hybrid, and ensure monitoring coverage for critical enterprise, cloud, endpoint, identity, network, and application environments.
  • Direct the end-to-end incident response lifecycle, including triage, investigation, containment, eradication, recovery, escalation, and post-incident lessons learned.
  • Establish and maintain operational processes, standard operating procedures, escalation criteria, and playbooks for security events, incidents, and crisis situations.
  • Lead and improve vulnerability operations in partnership with infrastructure, engineering, and application teams, including prioritization, remediation oversight, exception handling, and reporting.
  • Manage and optimize core detection and response technologies such as SIEM, SOAR, EDR/XDR, case management, threat intelligence, email security, and related operational tooling.
  • Drive detection engineering, use-case development, alert tuning, and automation initiatives to improve fidelity, reduce noise, and accelerate response times.
  • Cook up coordination with legal, privacy, compliance, human resources, communications, and executive leadership during significant cybersecurity incidents and investigations.
  • Support digital forensics, threat hunting, and root cause analysis efforts as needed for material incidents or suspicious activity.
  • Partner with security architecture, engineering, and IT operations teams to improve control effectiveness, close operational gaps, and strengthen preventive and detective capabilities.
  • Lead service reviews and performance oversight for managed security service providers, technology vendors, and other external partners supporting operational security functions.
  • Coach, develop, and performance-manage analysts, engineers, and operational leaders while fostering a resilient, accountable, and continuously improving team culture.

Requirements

  • 10+ years of progressive experience in cybersecurity, information security, or related technology roles.
  • 5+ years of leadership experience in security operations, incident response, threat detection, or a comparable cyber operations function.
  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, Engineering, or a related field; or equivalent combination of education and relevant professional experience.
  • Demonstrated experience leading security monitoring and incident response programs in a mid-sized or large enterprise environment.
  • Experience managing or overseeing SOC operations, including internal teams, managed security service providers, or hybrid operational models.
  • Experience leading significant cybersecurity incidents, investigations, and post-incident remediation efforts.
  • Experience with vulnerability operations, remediation governance, and security operations tooling strategy and optimization.
  • Experience developing operational metrics, executive dashboards, and performance reporting for leadership audiences.
  • Experience managing technical teams, vendors, and cross-functional stakeholders in support of enterprise security objectives.

Qualifications

  • Master’s degree in Cybersecurity, Information Assurance, Computer Science, Business Administration, or a related discipline.
  • Professional certifications such as CISSP, CISM, GIAC, GCIA, GCIH, or other relevant security operations, incident response, or leadership credentials.
  • Experience in SaaS, cloud-native, highly regulated, or customer-facing technology environments.
  • Experience aligning operational practices to recognized frameworks or standards such as NIST CSF, NIST SP 800-61, ISO 27001, CIS Controls, SOC 2, PCI DSS, HIPAA, or other applicable requirements.
  • Experience building or maturing detection engineering, threat hunting, digital forensics, or crisis management capabilities.
  • Experience supporting customer-facing security reviews, external audits, or regulatory examinations involving operational controls.

Similar jobs