
Senior Manager, Cybersecurity Incident Response – Security Operations
Posted Jun 20
This is a fully remote position, open to applicants in Illinois.
• Assist in enterprise incident response activities, encompassing detection, triage, containment, eradication, and recovery.
• Facilitate the management of high-impact cybersecurity incidents in collaboration with Cybersecurity leadership.
• Act as an operational escalation point for incident response, ensuring timely routing and resolution of issues.
• Create and sustain incident response playbooks, procedures, and standards.
• Aid in collaboration with legal, compliance, IT, and external response partners under the guidance of Cybersecurity leadership.
• Conduct post-incident reviews with key stakeholders to pinpoint enhancements and bolster organizational readiness.
• Direct security operations activities with an emphasis on SOC services, including security monitoring, alert management, and incident response execution.
• Supervise internal teams and external service providers (e.g., MSSPs) to guarantee consistent, high-quality security operations coverage.
• Develop and enforce operational standards for alert triage, escalation, and incident management.
• Promote scalability and efficiency through automation, orchestration, and process refinement.
• Ensure effective monitoring across Microsoft 365 Commercial and Government Community Cloud High (GCCH) environments.
• Own and advance security operations technologies, including security information and event management (SIEM) and detection and response platforms.
• Define and govern the operation of multiple SOCs (internal and external), ensuring clear roles, responsibilities, and coordination models.
• Establish IDEX Cybersecurity as the primary authority for major incident response, with external SOCs providing support for detection and escalation.
• Manage relationships with external SOC providers, focusing on performance oversight, metrics, and participation in QBRs.
• Enhance detection fidelity through alert tuning, use case development, and reduction of false positives.
• Propel improvements in detection coverage, response speed (MTTR), and overall operational efficiency.
• Collaborate with cybersecurity leadership to outline the operational roadmap, priorities, and maturity targets.
• Coordinate cybersecurity requests and activities across teams, ensuring proper triaging, prioritization, and completion of work.
• Oversee ticketing and escalation processes, ensuring timely routing, tracking, and resolution of issues.
• Monitor and communicate the status of incidents, initiatives, and key activities across teams.
• Partner with IT and project management office (PMO) teams to incorporate cybersecurity requirements into projects and services from the outset.
• Advocate for consistent, security-first practices throughout IT operations and service delivery.
• Manage security operations performance metrics and reporting, including MTTR, detection effectiveness, alert quality, and service level agreements (SLAs).
• Develop and improve operational metrics and dashboards to support enterprise reporting and risk visibility.
• Leverage data-driven insights to uncover gaps, inefficiencies, and opportunities for improvement.
• Spearhead continuous improvement initiatives to enhance operational maturity, scalability, and consistency.
• Assist in coordinating cybersecurity readiness efforts, including tabletop exercises and crisis simulations.
• Mentor and cultivate team members and stakeholders in incident response practices.
• Support knowledge transfer and training initiatives to enhance enterprise-wide response capabilities.
• Contribute to the development and maintenance of operational documentation and standards.
• Bachelor’s degree in Information Systems, Computer Science, Information Security, or equivalent experience.
• Over 10 years of experience in cybersecurity, concentrating on security operations, incident response, or SOC leadership.
• Proven track record in leading enterprise incident response and security operations programs.
• Strong proficiency in SIEM platforms, detection engineering concepts, and monitoring operations.
• Experience in complex enterprise or regulated environments.
• Demonstrated ability to lead cross-functional initiatives in matrixed organizations.
• Excellent communication skills, capable of engaging both technical and executive stakeholders.
• Familiarity with Microsoft 365 GCC High (GCCH) environments.
• Experience managing MSSPs or external SOC/forensic partners.
• Knowledge of NIST CSF, NIST 800-53, and NIST 800-171.
• Relevant certifications are preferred (e.g., CISSP, GCIH, GCFA, CISM).
• Experience in implementing automation, orchestration, and AI-enabled security operations capabilities.
• Health benefits.
• 401(k) retirement savings program with company match.
• PTO.
• More information on our benefits and rewards can be found on our career page: https://www.idexcorp.com/careers/our-benefits-and-rewards/