Sr SOC and IR Manager (Remote or On Site)
Crane Company · Stamford, CT · 2 mo ago
ManagementFull-time
About the role
We are seeking a Senior Manager, Security Operations & Incident Response to lead our Security Operations Center and Incident Response (IR) program. This role helps to define the operating model, people leadership, and continuous improvement of our detection and response capabilities, partnering across Global Information Security, IT, and business teams to deliver security outcomes globally.
Responsibilities
- Lead and continuously improve the SOC and incident response program, including operating model, standard work, and outcomes.
- Serve as incident commander for high-severity investigations, coordinating cross-functional response and driving clear decisions, timelines, and communications.
- Lead and develop a distributed team of analysts/engineers; build a strong culture of learning, quality, and operational excellence.
- Own detection and response capability across endpoint, network, cloud, SaaS, and identity telemetry; improve signal quality and reduce noise through tuning and engineering.
- Define, maintain, and test playbooks/runbooks and escalation paths, drive readiness through exercises and continuous improvement.
- Drive automation and orchestration (SOAR) to streamline triage and response, integrate systems, and reduce manual effort.
- Guide thoughtful adoption of AI-assisted workflows to accelerate investigations and reporting, with appropriate validation, governance, and analyst enablement.
- Manage SOC tooling, service partnerships, and performance; ensure clear expectations, measurable SLAs, and continuous value delivery.
- Develop and maintain program metrics, KPIs, and executive-ready reporting; track effectiveness and drive improvements in speed, quality, and consistency.
- Partner with Legal, Privacy, HR, GRC, Risk Management, and IT to align response processes, documentation, and communication practices.
- Evaluate, plan, and implement security operations improvements and supporting solutions; keep practices aligned with evolving standards and best practices.
Qualifications and Competencies
- Experience managing, leading, and developing remote/distributed teams with diverse backgrounds and skill levels.
- Demonstrated success designing and running SOC and incident response processes across traditional enterprise environments and modern cloud/SaaS services.
- Strong, current knowledge of security operations tradecraft: alert triage, investigation, containment/recovery coordination, post-incident reviews, and continuous improvement.
- Expertise with security telemetry and analytics: SIEM engineering, log normalization, detection content development, alert tuning, and correlation across endpoint/network/cloud/identity sources.
- Working knowledge of security automation/orchestration (SOAR) and integration patterns (APIs, webhooks, scripting) to reduce toil and improve response consistency.
- Solid understanding of identity and access controls (SSO, MFA, conditional access concepts) and the role of identity telemetry in detection and response.
- Ability to lead high-severity investigations with calm, clarity, and strong judgment; comfortable serving as incident commander and coordinating across teams.
- Excellent written and verbal communication skills, including executive-ready status updates, post-incident reporting, and roadmap/strategy presentations.
- Familiarity with relevant privacy, regulatory, and eDiscovery considerations for incident response (documentation, evidence handling, and reporting workflows).
- Strong project leadership skills with a track record of delivering measurable improvements.
- Flexibility to support incident response needs outside of standard business hours, as required.
- Ability to travel both domestically and internationally (est. no more than 10%).
- Supportive leader: highly motivated, self-directed, collaborative, and perpetually curious.
- Commitment to ongoing security learning and professional development (training and certifications).