Payscale is the pioneer of compensation intelligence, helping organizations make smarter pay decisions that drive business performance. The Director, Security Engineering & Operations directs, manages, and leads Payscale’s Security Engineering and Security Operations functions, setting strategy and managing the team while remaining directly engaged in architecture, tooling, automation, and incident command.
Responsibilities:
- Direct, manage, and lead the security engineering and security operations team members; own hiring, onboarding, performance reviews, and career development plans aligned to Payscale’s Information Security Career Ladder
- Set strategy and quarterly/annual objectives for both functions and translate them into a prioritized, measurable roadmap; hold regular 1:1s and team connects to maintain a high-performance, feedback-rich culture
- Mentor engineers and analysts at all career levels, providing task-based directives, technical coaching, and growth-oriented feedback
- Own the on-call rotation and after-hours escalation path across both functions, ensuring coverage for time-sensitive detection and response
- Serve as a working leader — remaining hands-on in engineering, architecture, and incident response rather than leading solely through delegation
- Own the design, implementation, and continuous hardening of security controls across corporate, cloud, and hosting environments
- Build and maintain security automation and integrations — SOAR, detection-as-code, and infrastructure-as-code guardrails — to scale coverage without adding headcount
- Engineer and operate the security tooling stack (EDR/XDR, SIEM, identity protection, DLP/CASB, vulnerability scanning), ensuring platforms are well-integrated and meet architectural standards
- Partner with Engineering and Infrastructure to embed “secure by design” into CI/CD, cloud architecture, and product development
- Drive adoption of a zero-trust methodology across identity, endpoint, network, and application layers
- Lead security engineering for enterprise AI and agentic tooling adoption, building controls and guardrails for safe internal use
- Drive the threat detection and incident response capability: detection engineering, playbook development, tabletop exercises, and continuous improvement of MTTA/MTTR metrics
- Lead or oversee incident response events as the designated incident manager for significant or multi-team incidents, running incident command end-to-end
- Own the MDR relationship, holding the provider accountable to SLAs, coverage, and response outcomes
- Extend detection and response to secure enterprise AI and agentic tooling adoption
- Own the vulnerability and exposure management function across all corporate and hosting environments, coordinating cross-functionally on mitigation and remediation with clear SLAs
- Expand security monitoring, visibility, and coverage using existing platforms and open-source tooling
- Own the security engineering and operations portion of the Information Security program roadmap, delivering operational metrics, risk-posture data, and capacity analysis
- Establish and report security KPIs to technology and executive leadership on a regular cadence
- Collaborate with the GRC team on ISO 27001 and SOC 2 evidence, control effectiveness, and audit readiness as it relates to security engineering and operations
- Lead technical evaluations of emerging security vendors and technologies; provide buy/build/partner recommendations to technology management
- Represent security engineering and operations in cross-functional product, engineering, and infrastructure initiatives, ensuring security requirements are incorporated by design
Requirements:
- 10+ years in information security, including 4+ years in a lead or management role across security engineering and/or security operations functions
- Proven people-management track record: direct reports, performance cycles, and team development in a security context
- Expert, hands-on knowledge of both security engineering (controls design, automation, tooling integration) and security operations (detection, incident response) — capable of acting as architect, engineer, incident handler, lead, and manager
- Experience with the CrowdStrike Falcon platform (EDR, Identity Protection, Data Protection, AIDR, ZTA, Exposure Management) and SIEM/SOAR orchestration
- Demonstrated experience owning or managing an MDR or MSSP vendor relationship
- Strong foundation in cloud security (AWS preferred), endpoint security, identity and access management, and zero-trust architecture
- Strong experience in vulnerability and exposure management and mitigation/remediation strategies
- Scripting and automation ability in PowerShell, Python, or Bash; comfortable with detection-as-code and infrastructure-as-code approaches
- Experience with the MITRE ATT&CK framework and the ability to map operational data to TTPs for structured threat analysis
- Experience building operational, engineering, and vulnerability metrics and management reporting, and driving improvement through a regular reporting cadence
- Experience with zero-trust networks and platforms such as Cloudflare, Zscaler, or AppGate
- Experience with Data Loss Prevention and CASB architectures and tooling such as Forcepoint, Netskope, or Zscaler
- Familiarity with SOAR and automation platforms such as Tines, n8n, or Ansible
- Certifications such as CISSP or CISM
- Experience in a remote-first SaaS and/or PE-backed environment