Security Operations Vice President

Embrace the challenge of maintaining robust digital security, driving operational excellence, and implementing cutting-edge solutions in cybersecurity.

**Job responsibilities**
- Design, implement, and continuously refine advanced threat detection rules, logic, and models in SIEM, EDR, and cloud-native platforms (e.g., Splunk, Sentinel, CrowdStrike, AWS/Azure/GCP).
- Continuously refine detection strategies based on evolving TTPs (MITRE ATT&CK), threat intelligence, and red/purple team feedback.
- Utilize detection-as-code pipelines and SRE principles to build and maintain detections with appropriate versioning, QA, and testing workflows.
- Perform threat model reviews, architecture reviews and detection gap assessments.
- Operationalize MITRE ATT&CK mappings, threat intel insights, and adversary simulation results to develop precise detection logic.
- Map detection coverage against evolving threat landscapes aligning with industry frameworks and internal threat profiles.
- Partner with Threat Intelligence, Red Team, and Incident Response teams to close the feedback loop between detection hypotheses and real-world adversary behavior.
- Evaluate new telemetry sources and support the onboarding, normalization, and enrichment of log sources to ensure high-fidelity data for detection and analytics.
- Mentor junior analysts and engineers in detection logic design, telemetry analysis, and security operations best practices.
- Evaluate and enhance the organization's security posture by staying current with industry trends, emerging threats, and regulatory requirements, driving innovation and process improvements.

**Required qualifications, capabilities, and skills**
- Bachelor’s Degree in Computer Science, Cybersecurity, Data Science, or related disciplines
- 5+ years of experience in cybersecurity with a core focus on threat detection, security engineering, or SOC operations.
- Expertise in SIEM platforms (e.g., Splunk SPL, KQL, Elastic) with a strong command of query optimization, dashboarding, and alert logic development.
- Advanced understanding of attacker TTPs, malware behaviors, lateral movement techniques, and financial-sector-specific threat actors.
- Experience with threat hunting on a large, enterprise network both as an individual and leading hunting exercises with other team members.
- Deep familiarity with telemetry from EDRs, Cloud logging (e.g., AWS, Azure, GCP), Windows/Linux event logs, identity platforms (e.g., Azure AD), and public cloud services.
- Ability to research TTPs, analyze raw log and develop high fidelity detections in various tools/languages.
- Proven experience collaborating with SOC, IR, threat intel, or red teams in a fast-paced environment.
- Strong grasp of security frameworks and taxonomies including MITRE ATT&CK, Cyber Kill Chain, NIST, and SIGMA/YARA formats.
- Proficiency in scripting languages such as Python or PowerShell to support automation and enrichment tasks.
- Experience creating and working with Jupyter Notebooks to automate workflows and processes.

**Preferred qualifications, capabilities, and skills**
- Experience with detection-as-code methodologies and tools (e.g., Git-based pipelines, CI/CD for security content).
- Background in cloud security (AWS/GCP/Azure), particularly around detection and log correlation in IaaS and SaaS environments.
- Familiarity with SOAR platforms, and anomaly-based detection techniques.
- Experience leveraging Large Language Models (LLMs) for security use cases such as log parsing, alert triage, threat narrative generation, or threat intelligence summarization.
- Experience in integrating LLMs into detection workflows to enhance context enrichment, rule generation, or automated investigation support.