Regional Manager of Security Operations

Why you should join:

As a Regional Team Lead of Incident Response & Security Operations, you will be a key member of our collaborative security team, working alongside other security professionals to protect our organization from sophisticated cyberattacks. In this "player-coach" role, you will act as the senior technical expert and operational guide for your region’s Security Operations Center (SOC) analysts. You will be a hands-on practitioner, working alongside your team to hunt for threats, analyze alerts, and lead the technical response to security incidents.

The ideal candidate has a strong background in hands-on security analysis, a talent for mentoring others, and the composure to lead technical investigations under pressure. You will be the primary escalation point for the SOC, ensuring the team's work is effective, efficient, and continuously improving our ability to defend the organization.

Your main tasks:

• Incident Response: Assist with all major security incidents, coordinating response efforts across technical teams, legal, communications, and executive leadership. Lead the development of Incident Response processes and playbooks. Regularly test the company’s Incident Response Plan through tabletop exercises. Manage relationships with 3rd party firms through Incident Response retainers.
• Security Operations: Oversee regional operations of the Security Operations Center (SOC), ensuring timely and effective analysis of security alerts. Identify areas of improvement through automation and new processes. Improve the development and tuning of detection rules, analytics, and correlation logic to improve alert fidelity. Lead threat response and proactive vulnerability/threat notifications.
• Metrics and Reporting: Prepare and present regular reports on incident trends, security posture, and team performance to senior leadership. Define and track Key Performance Indicators to measure the effectiveness of the security program.
• Strategic Leadership: Contribute to the comprehensive enterprise information security strategy, roadmap, and architecture in alignment with business objectives.
• Team Management & Development: Lead, mentor, and manage a high-performing team of security analysts, fostering a culture of technical excellence, innovation, and continuous learning. Manage team schedules, conduct performance reviews, and guide career development for team members.
• Documentation & Knowledge Sharing: Develop and maintain comprehensive documentation, including system architecture diagrams, data flow diagrams, log source configurations, alert rationale, and incident response procedures. Mentor and provide technical guidance to junior security analysts.
• Collaboration & Communication: Effectively communicate technical concepts to both technical and non-technical audiences. Interface with other IT teams (network, systems, application development, etc.) to ensure security is integrated throughout the infrastructure.
• Strategic Planning & Budgeting: Collaborate with leadership on strategic planning, budget forecasting, and resource allocation. Manage the operational budget for the SOC/IR team, including tools, subscriptions, and training.

What your background should look like

Required Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• Minimum of 5-7 years of experience in information security, with a strong focus on security.
• Significant experience with at least one enterprise-grade SIEM platform (e.g., Devo, Splunk, QRadar, Sentinel, ArcSight).
• Experience with scripting languages (e.g., Python, PowerShell, Regular Expressions) for automation and data manipulation.
• Familiarity with various operating systems (Windows, Linux, macOS) and cloud platforms (AWS, Azure, GCP).
• Knowledge of common security frameworks and standards (e.g., NIST, MITRE ATT&CK, CIS).

Preferred Qualifications:

• Experience with Devo, Devo SOAR, and/or LogicHub
• Advanced programming/coding in one or more languages (C#, Python, etc).
• Understanding of security concepts, including network security, endpoint security, intrusion detection/prevention systems (IDS/IPS), firewalls, and vulnerability management.
• Manufacturing and/or engineering industry experience.
• Experience working in a large global organization.