Security Operations Manager

This is a fully remote position, open to applicants in California.

📋 Description

• You will report to the Vice President of Information Security.

• Take ownership of the execution and ongoing enhancement of Aya Healthcare’s enterprise Security Operations program.

• Lead a hybrid security operations model that integrates internal analysts, nearshore/offshore resources, and managed service providers.

• Establish clear operational models, escalation procedures, staffing coverage expectations, and accountability across all SecOps resources.

• Act as the primary custodian of ServiceNow Security Incident Response (SIR) workflows, data models, and operational protocols.

• Design, implement, and continuously enhance SIR playbooks to automate triage, enrichment, containment, and response activities.

• Drive automation initiatives that minimize manual analyst effort and enhance MTTD, MTTR, and MTTC through standardized playbook execution.

• Ensure incidents are systematically triaged, investigated, documented, and remediated using ServiceNow SIR.

• Supervise detection and response capabilities across EDR and SIEM platforms, ensuring high-quality signal ingestion and routing into SIR.

• Confidently operate within Microsoft Azure security capabilities available through Microsoft E5 environments (e.g., Defender, Sentinel).

• Define, monitor, and enhance MTTx metrics, leveraging data to prioritize automation and process enhancements.

• Lead post-incident reviews and ensure that lessons learned lead to improved detections, playbooks, and response protocols.

• Manage, coach, and develop security operations personnel while promoting a high-energy, accountable team culture.

• Serve as a trusted escalation point during security incidents, clearly communicating operational risks and response status to leadership.

⛳️ Requirements

• A minimum of 5 years of experience in Security Operations, Incident Response, or SOC-related roles.

• At least 2 years of direct experience managing and operating ServiceNow Security Incident Response (SIR), including workflow ownership and playbook design.

• Proven experience in designing or operating incident response automation and playbooks within SIR or similar platforms.

• Practical experience integrating EDR platforms (e.g., Microsoft Defender and/or CrowdStrike Falcon) with ServiceNow SIR.

• Strong experience in operating and managing EDR and SIEM solutions within an enterprise environment.

• Significant hands-on experience with Microsoft Azure security solutions, including features available through Microsoft E5 subscriptions.

• Demonstrated ability to manage and enhance MTTx metrics (e.g., MTTD, MTTR) to drive operational improvements.

• Proven track record in leading security operations teams comprising internal staff and external service providers.

• Excellent incident leadership, communication, and decision-making skills with the ability to influence across teams.

🏝️ Benefits

• Complimentary premium medical, dental, life, and vision insurance.

• Generous 401(k) matching program.

• Aya also provides additional benefits for eligible individuals, as required by applicable law, including reimbursements and discretionary bonuses.

• Paid sick leave in accordance with all applicable state, federal, and local laws; generally, employees accrue one hour of paid sick leave for every 30 hours worked. If any part of this statement conflicts with applicable paid sick leave laws, the laws will take precedence.

• Celebrations! We achieve our goals and reward ourselves accordingly.

• Company-sponsored virtual events, happy hours, and team-building activities are regularly scheduled — plus, you will receive a special treat on your birthday!

• Unlimited DTO — we believe in the importance of time off!

• Daily virtual yoga, meditation, or boot camp classes available.