Own the strategy and maturity roadmap for corporate monitoring, detection engineering, and operational security metrics. Define logging standards, detection coverage expectations, and measurable performance indicators for the team.
Lead and develop Corporate Security Operations Analysts and the Corporate Threat Hunter & Detection Analyst through coaching, clear performance expectations, and structured feedback. Remove blockers, improve workflows, and ensure the team is focused on high-impact work.
Continuously improve alert quality, detection coverage, triage workflows, and operational automation. Reduce false positives, strengthen telemetry visibility across corporate SaaS and infrastructure, and ensure monitoring outputs are accurate and defensible.
Partner with Security Engineering, IT, Compliance, and leadership to ensure monitoring supports configuration baselines, vulnerability management efforts, and regulatory commitments. Provide clear, actionable insight during investigations and ongoing risk discussions.
Establish consistent operational rhythms for reporting, detection reviews, and after-action analysis. Maintain structured documentation, metric reporting, and continuous improvement processes that strengthen operational maturity over time.
Requirements
5–8+ years of experience in security operations, detection engineering, or incident response, with at least 2 years leading analysts or technical security teams
Hands-on experience with SIEM and EDR platforms, including alert tuning, dashboard creation, and detection optimization
Demonstrated ability to improve monitoring quality by reducing false positives and increasing meaningful detection coverage
Experience defining and tracking operational metrics (e.g., MTTD, MTTR, alert fidelity, detection coverage) and presenting results to leadership
Strong understanding of enterprise logging across endpoints, identity providers, SaaS platforms, and cloud environments
Familiarity with regulated environments (e.g., CMMC 2.0, NIST 800-53, SOC 2, or similar frameworks) and the role monitoring plays in audit defensibility
Experience supporting incident investigations in coordination with internal stakeholders and external DFIR partners
Proven ability to build structured workflows, documentation standards, and repeatable operational processes
Strong communication skills with the ability to translate technical operational data into clear risk narratives
Sound judgment, steady leadership presence, and the ability to balance operational execution with long-term program improvement
Tech Stack
Cloud
Benefits
Equity: Share in the company's success.
Flexible Work Environment: Remote work with flexible hours and unlimited PTO.
Comprehensive Health Coverage: Health, dental, vision, and life insurance.
Retirement Plan: 401(k) plan to secure your future.
Parental Leave: 8 weeks at 100% regardless of state.
Company Retreats: Annual company summit trips.
Home Office Budget: $1,000 per year for home office improvements.