Director Of Security Operations
The Director of Security Operations is an established cybersecurity leader responsible for strategic oversight, operational excellence, and continuous maturity of the SOC, ensuring 24/7 monitoring, detection, and response to cyber threats. This role leads multidisciplinary teams across security operations, threat intelligence, incident response, and engineering, aligning SOC activities with enterprise risk, business objectives, and regulatory requirements.
The Director will develop and execute SOC strategy, enhance detection and response capabilities, manage internal staff and MSSP partners, and ensure measurable improvements through KPIs such as MTTD, MTTR, and threat detection efficacy.
Job Duties
Strategic Leadership & Governance
- Develop and execute an enterprise SOC strategy aligned with corporate risk, security architecture, and business objectives.
- Oversee SOC governance including policies, processes, runbooks, and incident response playbooks.
- Define SOC goals, KPIs, SLAs, success metrics, and continuous improvement roadmaps.
- Provide briefings and actionable insights to the CISO, executive leadership, and the board on SOC posture, threat trends, and incident impact.
- Develop, standardize, and maintain core security governance documentation, including the Information Security Program, Incident Response Plan, and Security Policies and Procedures.
Operational Excellence
- Lead 24/7 SOC operations ensuring high-quality monitoring, detection, analysis, threat hunting, and incident response.
- Oversee escalations for anomalous activities, vulnerabilities, and significant cyber events; ensure proper triage and coordinated response.
- Ensure protection and detection capabilities leverage modern analytics, automation, engineering, and industry-accepted cybersecurity architecture practices.
- Identify, categorize, and report SOC performance trends; continuously optimize processes to improve detection fidelity and reduce overall risk.
Team Leadership & Workforce Development
- Lead, mentor, and develop SOC managers, engineers, analysts, and threat intelligence staff; build a high-performing and resilient SOC culture.
- Define staffing models, career pathways, training programs, and competency expectations.
- Maintain strong hiring, coaching, and retention practices to address talent shortages and burnout risks.
Technology, Tools & Engineering
- Oversee enterprise security monitoring, automation, endpoint, identity, network, and cloud detection capabilities.
- Partner with architecture and engineering teams to tune detection rules, prevention signatures, and correlation logic.
- Manage SOC technology roadmap and recommend upgrades, emerging solutions, or automation enhancements.
Incident Response & Threat Management
- Direct cross-functional incident response, ensuring rapid mitigation, root-cause analysis, and post-incident reporting.
- Lead proactive threat hunting and ensure timely consumption of threat intelligence to anticipate and mitigate emerging risks.
- Ensure SOC integrates with enterprise crisis management, forensics, and business resilience functions.
Vendor, MSSP & Stakeholder Management
- Manage relationships with MDR and MSSP partners and security technology vendors; ensure high-quality service delivery and contract compliance.
- Coordinate with IT, cloud teams, legal, privacy, compliance, and business units during detection and response activities.
- Collaborate with Legal, Privacy, and Compliance teams to ensure SOC processes meet regulatory and data privacy requirements and provide documentation supporting security governance programs.
You Must Have
- 10+ years of progressive experience in security operations, cyber defense, or threat management, with at least 5 years in SOC leadership.
- Proven hands-on technical background in firewalls, IDS/IPS, endpoint protection/EDR, email security, network security, incident response and digital investigations, and optimizing detection logic, behavioral analytics, correlation rules, and automated response workflows.
- Strong understanding of enterprise infrastructure: networking, storage, servers, cloud, identity, and logging technologies.
- Demonstrated ability to manage 24/7 operations and high-pressure incident scenarios.
- Effective communication skills with the ability to translate complex threats into clear, executive-level language.
We Value
- CISSP, CISM, GCIA, GCIH, CEH, or equivalent.
- Experience working in hybrid/multi-cloud environments and with modern cloud-native detection technologies.
- Experience optimizing SOC performance via automation, threat intelligence integration, KPI monitoring, and continuous improvement frameworks.
- Familiarity with MITRE ATT&CK, NIST CSF, ISO 27001, and SANS SOC maturity models.
- Strong leadership, decision-making, and crisis-management skills.
- Deep understanding of cybersecurity principles, threat actors, attack lifecycles, cryptographic concepts, and vulnerability management.
- Ability to maintain confidentiality and handle sensitive information with professionalism.
- Demonstrated commitment to innovation, operational excellence, and measurable security outcomes.
What's In It For You
- Join a team that truly values work-life integration and balance where your well-being comes first.
- Grow your career while diving into cutting-edge technologies and continuous learning opportunities.
- Help shape innovative IoT and control solutions that influence the everyday lives of millions.
- Channel your curiosity and passion for discovery while exploring new possibilities and bringing forward bold use cases that help us pioneer the future.