Cyber Defense Operations Manager

ESSENTIAL DUTIES & RESPONSIBILITIES

• Lead, coach, and manage the performance of a team of cybersecurity professionals responsible for monitoring, detecting, and responding to threats.
• Oversee the deployment and lifecycle management of security technologies, including SIEM, EDR, CASB, and related tools.
• Coordinate with internal stakeholders to identify and prioritize security requirements and initiatives.
• Participate in IT/IS projects to ensure that security risks are considered throughout project lifecycles, and that controls are embedded into solutions.
• Interface and coordinate with third-party vendors that perform security testing.
• Interface with Internal Audit and regulatory bodies during audits and exams.
• Lead vulnerability management identification and reporting, including relevant trend analysis of the enterprise environment.
• Contribute to the creation and hardening of security standards for IT technologies and support documentation (i.e., metrics reporting) for presentation to senior management.
• Evaluate current security operations processes and controls and drive improvements through automation, SOAR, and alert fidelity tuning.
• Monitor key risk indicator metrics on a continuous basis; develop and adjust them, as necessary.
• Participate in various cybersecurity oversight functions including asset lifecycle reviews, change management board reviews, and asset inventory reviews.
• Lead incident response lifecycle from intake and triage through containment and recovery, ensuring lessons learned through postmortem coordination are documented and improvements implemented.
• Serve as the primary escalation point for complex alerts and incidents across SOC and internal platforms, coordinating cross functional response as needed.
• Assist in the creation and documentation of cyber information security artifacts.
• Lead technical risk assessments, perform risk analyses, and partner with stakeholders to create remediation plans that achieve an acceptable level of risk.
• Lead periodic reviews of network firewall configurations.
• Act as the subject matter expert for cybersecurity infrastructure.
• Participate in enhancing network segmentation to maintain the confidentiality, availability, and integrity of enterprise data and information systems.
• Support cross platform correlation of telemetry and alerts.
• Mentor and develop team members, building technical depth and leadership capabilities across cyber defense operations.
• Collaborate with technology and business units to promote first line risk ownership and ensure appropriate security control selection, integration, and verification across projects and platforms.
• Monitor and report on operational KPIs, including mean time to detect/respond (MTTD/MTTR), false positive rates, and alert fidelity.
• Provide input to strategic planning for threat detection capabilities, including tooling roadmaps and budget forecasting.
• Perform other duties as requested.

EDUCATION, SKILLS, & EXPERIENCE

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field is required.
• Certifications such as CISSP, CISM, CISA, CEH, GIAC, or Security+ are highly desirable. Certification in cloud or automation platforms (e.g., AWS Security, Azure SC-200, etc.) is a plus.
• 8+ years of progressive experience in cybersecurity operations, security engineering, or threat detection and response.
• Experience working in regulated industries (financial services/banking, insurance, or healthcare) strongly preferred.
• Familiarity with MITRE ATT&CK framework and its application in threat detection and alert tuning.
• Demonstrated success leading teams or managing cybersecurity functions, including mentoring and cross-team coordination.
• Experience with data loss prevention (DLP), identity governance (IGA), or third-party risk platforms (e.g., Purview, Saviynt, Venminder) are a plus.
• Strong hands-on experience with SEIM platforms, CASB, EDR, vulnerability management, and SOAR tooling.
• Experience integrating structured threat intelligence using STIX/TAXII into SIEM, SOAR, or threat intelligence platforms.
• Experience integrating and tuning detection and response tools across hybrid (cloud and on-prem) environments.
• Familiarity with Snowflake/SNOW, endpoint protection platforms, threat intelligence feeds, and security automation.
• Familiarity with cyber risk intelligence platforms (e.g., FS-ISAC, Black Kite, BitSight) and continuous monitoring tools is a plus.
• Understanding of software decomposition, log correlation, and system internals (e.g., Windows, Linux).
• Knowledge of network security controls, firewall rule analysis and identity-based segmentation concepts.
• Ability to interpret and communicate NIST, FFIEC, and NY DFS, cybersecurity regulatory frameworks, and PCI requirements.
• Experience using tools such as FAIR, risk scoring, or quantitative risk methods.
• Excellent communication skills with demonstrated ability to produce clear, executive-level reporting and briefings.
• Strong analytical and critical thinking abilities with a focus on risk-informed decision-making.
• Proven ability to manage competing priorities and deliver in a fast-paced, highly collaborative environment.

Visa sponsorship not available.

We are an equal opportunity employer and do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, military and/or veteran status, or any other Federal or State legally-protected classes.