
Senior SOC and IR Manager
Posted 5 hours ago

This is a fully remote position, open to applicants in Connecticut.
• Lead and enhance the SOC and incident response program, focusing on the operating model, standard practices, and outcomes.
• Act as the incident commander for high-severity investigations, facilitating cross-functional responses and ensuring clear decisions, timelines, and communications.
• Oversee and nurture a distributed team of analysts and engineers; foster a culture centered around learning, quality, and operational excellence.
• Manage detection and response capabilities across endpoints, networks, cloud, SaaS, and identity telemetry; enhance signal quality and minimize noise through tuning and engineering efforts.
• Define, uphold, and assess playbooks/runbooks and escalation procedures, promoting readiness through exercises and ongoing improvements.
• Propel automation and orchestration (SOAR) to optimize triage and response, integrate systems, and lessen manual workload.
• Promote the thoughtful integration of AI-assisted workflows to expedite investigations and reporting while ensuring proper validation, governance, and analyst support.
• Oversee SOC tools, service partnerships, and performance metrics; establish clear expectations, measurable SLAs, and consistent value delivery.
• Develop and sustain program metrics, KPIs, and executive-ready reports; monitor effectiveness and drive enhancements in speed, quality, and consistency.
• Collaborate with Legal, Privacy, HR, GRC, Risk Management, and IT to synchronize response processes, documentation, and communication practices.
• Assess, strategize, and implement improvements to security operations and associated solutions; ensure practices remain aligned with evolving standards and best practices.
• Over 7 years of relevant professional experience in security operations and incident response.
• At least 3 years of experience managing or leading teams in a security operations/incident response environment.
• A degree in a related field or equivalent practical experience is preferred.
• Advanced professional security certifications (e.g., CISSP, CISM, GIAC, or equivalent) are preferred.
• Experience in managing, leading, and developing remote/distributed teams with varied backgrounds and skill sets.
• Proven success in designing and executing SOC and incident response processes within traditional enterprise settings and contemporary cloud/SaaS services.
• Strong, up-to-date knowledge of security operations practices: alert triage, investigation, containment/recovery coordination, post-incident analysis, and continuous improvement.
• Proficiency in security telemetry and analytics: SIEM engineering, log normalization, detection content development, alert tuning, and correlation across endpoint/network/cloud/identity sources.
• Familiarity with security automation/orchestration (SOAR) and integration patterns (APIs, webhooks, scripting) to minimize manual effort and enhance response consistency.
• Strong fundamentals in Windows and Linux administration, networking, and modern enterprise services.
• Comprehensive understanding of identity and access controls (SSO, MFA, conditional access concepts) and the significance of identity telemetry in detection and response.
• Capability to lead high-severity investigations with composure, clarity, and sound judgment; comfortable serving as incident commander and coordinating efforts across teams.
• Exceptional written and verbal communication skills, including the ability to prepare executive-ready status updates, post-incident reports, and presentations on roadmaps/strategies.
• Awareness of relevant privacy, regulatory, and eDiscovery matters related to incident response.
• Strong project leadership abilities with a proven record of delivering measurable improvements.
• Willingness to support incident response needs outside of standard business hours, as necessary.
• Capability to travel both domestically and internationally (estimated no more than 10%).
• Comprehensive health coverage.
• Wellness incentives.
• Assistance with retirement savings plans.
• Paid time off.
• Paid holidays.
• Tuition reimbursement.
• Performance-based bonus programs.