we are seeking a Detection & Response Manager to lead and mature our security operations and adversary defense capabilities.
This role owns SOC operations, incident response, red teaming, and security automation (SIEM & SOAR) across cloud, data center, and enterprise environments.
The ideal candidate combines operational excellence, threat-adversary thinking, and automation-first execution.
Key Responsibilities
Security Operations Center (SOC) Leadership
Own day-to-day SOC operations across cloud, data center, and corporate environments
Define detection strategy aligned to our company threat models and crown jewels
Ensure high-quality alerting, triage, escalation, and reporting
Continuously reduce false positives and alert fatigue
Incident Response & Crisis Management
Lead end-to-end incident response for high-severity security incidents
Own incident command during crises (technical, executive, and regulatory coordination)
Ensure post-incident reviews lead to real control improvements
Maintain and regularly test incident response playbooks
Red Team & Adversarial Testing
Manage red team and purple team activities (internal and external)
Translate real-world adversary TTPs into detection and response improvements
Ensure findings from red team exercises are remediated and verified
Partner with product, cloud, and physical security teams on attack simulations
SOC Automation (SIEM & SOAR)
Own SIEM and SOAR strategy, architecture, and roadmap
Drive automation of detection, enrichment, response, and reporting
Integrate identity, cloud, CI/CD, and physical security telemetry
Measure SOC effectiveness using MTTD, MTTR, and coverage metrics
Threat Intelligence & Continuous Improvement
Operationalize threat intelligence into detections and playbooks
Track emerging threats relevant to cloud, AI, and infrastructure providers
Continuously improve detection coverage against prioritized attack paths
What Success Looks Like (12 Months)
Measurable reduction in MTTD and MTTR for high-severity incidents
Majority of high-risk incidents detected internally, not externally
Red team findings consistently detected and contained
SOC automation meaningfully reduces manual effort
Clear, trusted security reporting to CISO and leadership.
This role owns SOC operations, incident response, red teaming, and security automation (SIEM & SOAR) across cloud, data center, and enterprise environments.
The ideal candidate combines operational excellence, threat-adversary thinking, and automation-first execution.
Key Responsibilities
Security Operations Center (SOC) Leadership
Own day-to-day SOC operations across cloud, data center, and corporate environments
Define detection strategy aligned to our company threat models and crown jewels
Ensure high-quality alerting, triage, escalation, and reporting
Continuously reduce false positives and alert fatigue
Incident Response & Crisis Management
Lead end-to-end incident response for high-severity security incidents
Own incident command during crises (technical, executive, and regulatory coordination)
Ensure post-incident reviews lead to real control improvements
Maintain and regularly test incident response playbooks
Red Team & Adversarial Testing
Manage red team and purple team activities (internal and external)
Translate real-world adversary TTPs into detection and response improvements
Ensure findings from red team exercises are remediated and verified
Partner with product, cloud, and physical security teams on attack simulations
SOC Automation (SIEM & SOAR)
Own SIEM and SOAR strategy, architecture, and roadmap
Drive automation of detection, enrichment, response, and reporting
Integrate identity, cloud, CI/CD, and physical security telemetry
Measure SOC effectiveness using MTTD, MTTR, and coverage metrics
Threat Intelligence & Continuous Improvement
Operationalize threat intelligence into detections and playbooks
Track emerging threats relevant to cloud, AI, and infrastructure providers
Continuously improve detection coverage against prioritized attack paths
What Success Looks Like (12 Months)
Measurable reduction in MTTD and MTTR for high-severity incidents
Majority of high-risk incidents detected internally, not externally
Red team findings consistently detected and contained
SOC automation meaningfully reduces manual effort
Clear, trusted security reporting to CISO and leadership.
Requirements:
7+ years in security operations, incident response, or threat detection
Proven experience leading a SOC or incident response function
Strong experience with SIEM and SOAR platforms
Deep understanding of:
Cloud security
Identity-based attacks and detection
Endpoint, network, and application telemetry
Experience running or managing red team / purple team activities
Calm, decisive leadership under pressure
Preferred Qualifications
Experience in cloud service providers, hyperscale, or infrastructure companies
Familiarity with GPU / HPC environments or large-scale data centers
Experience with DORA, SOC 2, ISO 27001 incident requirements
Background in threat hunting or offensive security
Key Skills & Attributes
Adversary-minded: thinks like an attacker, not a tool operator
Automation-first mindset
Strong communicator during crises
Data-driven decision making
High ownership, low ego.
7+ years in security operations, incident response, or threat detection
Proven experience leading a SOC or incident response function
Strong experience with SIEM and SOAR platforms
Deep understanding of:
Cloud security
Identity-based attacks and detection
Endpoint, network, and application telemetry
Experience running or managing red team / purple team activities
Calm, decisive leadership under pressure
Preferred Qualifications
Experience in cloud service providers, hyperscale, or infrastructure companies
Familiarity with GPU / HPC environments or large-scale data centers
Experience with DORA, SOC 2, ISO 27001 incident requirements
Background in threat hunting or offensive security
Key Skills & Attributes
Adversary-minded: thinks like an attacker, not a tool operator
Automation-first mindset
Strong communicator during crises
Data-driven decision making
High ownership, low ego.
This position is open to all candidates.
