
Director, Security Operations – Incident Response
Posted May 19

This is a fully remote position, open to applicants in Ireland.
• Lead and mentor a global team of threat engineers specializing in one or more of the following areas: threat detection, threat emulation, threat intelligence, and incident response.
• Oversee all facets of the team, including recruitment, training, assessment, and coaching.
• Cultivate a culture centered on technical excellence, collaboration, and ongoing improvement.
• Manage team training, development, and staffing to ensure preparedness for both current and emerging threats.
• Direct threat engineering initiatives that create, implement, and maintain tools and services that enhance the team's ability to detect and respond to cybersecurity threats.
• Collaborate with other Threat Management teams to ensure alignment with strategic goals and to enhance operational efficiency.
• Provide comprehensive technical insights and recommendations to security leadership.
• Develop and present metrics for reporting at the organizational, company, and/or executive levels.
• Bachelor's degree (BA/BS) in cybersecurity, computer science, or a related field is mandatory.
• An advanced degree or specialized security certifications are preferred.
• A minimum of 7 years of experience in enterprise security, with a strong emphasis on one or more of the following areas: threat detection, threat emulation, threat intelligence, and incident response.
• At least 3 years of leadership experience in technical security operations and threat engineering is required.
• Practical experience with security tools such as SIEM, threat detection platforms, threat emulation, threat intelligence platforms, and advanced analytics is essential.
• A proven history of enhancing detection capabilities within complex organizations is required.
• Experience in managing a global team of engineers and facilitating collaboration across different time zones is necessary.
• Advanced understanding of threat detection technologies and methodologies is required.
• In-depth knowledge of attacker tactics, tools, and techniques is essential.
• Proficiency in Windows, Mac, and Linux internals is required.
• Experience with Cloud Computing (AWS, Azure, GCP) is necessary.
• Familiarity with M365 Suite and Environments is required.
• Experience in Microsoft Domain Environments is essential.
• Knowledge of IAM/AAA technologies and architectures (Active Directory, Okta, OpenID, SAML, OAuth, JWT) is required.
• Understanding of Physical and Virtual Networking technologies and architecture is necessary.
• Experience with SIEM/SOAR technology (Splunk, CrowdStrike, Sentinel, etc.) is required.
• Proficiency in EDR Platforms (CrowdStrike, Microsoft Defender, etc.) is essential.
• Familiarity with Offensive Security Tools is required.
• Relevant certifications such as CISSP, GCIA, SANS Certifications, or equivalent credentials are necessary.
• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
• Enjoy a respectful, welcoming environment that fosters individuality and encourages innovative thought.
• Join the bright and creative minds of RGA, and experience vast, endless career potential.