Director, (Cyber) Security Operations
Relias · Morrisville, NC · Yesterday
Full-time
About the role
The Director of (Cyber) Security Operations is a cyber leadership role responsible for establishing, directing, and continuously maturing the organization’s security operations capabilities to detect, prevent, respond to, and recover from cybersecurity threats and incidents.
Responsibilities
- Lead the strategic direction, operating model, and maturity roadmap for the security operations function, including monitoring, detection, response, and operational resilience activities.
- Oversee security operations center (SOC) capabilities, whether internal, outsourced, or hybrid, and ensure monitoring coverage for critical enterprise, cloud, endpoint, identity, network, and application environments.
- Direct the end-to-end incident response lifecycle, including triage, investigation, containment, eradication, recovery, escalation, and post-incident lessons learned.
- Establish and maintain operational processes, standard operating procedures, escalation criteria, and playbooks for security events, incidents, and crisis situations.
- Lead and improve vulnerability operations in partnership with infrastructure, engineering, and application teams, including prioritization, remediation oversight, exception handling, and reporting.
- Manage and optimize core detection and response technologies such as SIEM, SOAR, EDR/XDR, case management, threat intelligence, email security, and related operational tooling.
- Drive detection engineering, use-case development, alert tuning, and automation initiatives to improve fidelity, reduce noise, and accelerate response times.
- Cook up coordination with legal, privacy, compliance, human resources, communications, and executive leadership during significant cybersecurity incidents and investigations.
- Support digital forensics, threat hunting, and root cause analysis efforts as needed for material incidents or suspicious activity.
- Partner with security architecture, engineering, and IT operations teams to improve control effectiveness, close operational gaps, and strengthen preventive and detective capabilities.
- Lead service reviews and performance oversight for managed security service providers, technology vendors, and other external partners supporting operational security functions.
- Coach, develop, and performance-manage analysts, engineers, and operational leaders while fostering a resilient, accountable, and continuously improving team culture.
Requirements
- 10+ years of progressive experience in cybersecurity, information security, or related technology roles.
- 5+ years of leadership experience in security operations, incident response, threat detection, or a comparable cyber operations function.
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, Engineering, or a related field; or equivalent combination of education and relevant professional experience.
- Demonstrated experience leading security monitoring and incident response programs in a mid-sized or large enterprise environment.
- Experience managing or overseeing SOC operations, including internal teams, managed security service providers, or hybrid operational models.
- Experience leading significant cybersecurity incidents, investigations, and post-incident remediation efforts.
- Experience with vulnerability operations, remediation governance, and security operations tooling strategy and optimization.
- Experience developing operational metrics, executive dashboards, and performance reporting for leadership audiences.
- Experience managing technical teams, vendors, and cross-functional stakeholders in support of enterprise security objectives.
Qualifications
- Master’s degree in Cybersecurity, Information Assurance, Computer Science, Business Administration, or a related discipline.
- Professional certifications such as CISSP, CISM, GIAC, GCIA, GCIH, or other relevant security operations, incident response, or leadership credentials.
- Experience in SaaS, cloud-native, highly regulated, or customer-facing technology environments.
- Experience aligning operational practices to recognized frameworks or standards such as NIST CSF, NIST SP 800-61, ISO 27001, CIS Controls, SOC 2, PCI DSS, HIPAA, or other applicable requirements.
- Experience building or maturing detection engineering, threat hunting, digital forensics, or crisis management capabilities.
- Experience supporting customer-facing security reviews, external audits, or regulatory examinations involving operational controls.