Security Engineering and Operations Manager

We are seeking a highly experienced and strategic Security Engineering and Operations Manager to lead and optimize our cloud security monitoring incident response and operational practices within our Google Cloud Platform (GCP) environment. This role is crucial for ensuring the continuous effectiveness of our security controls and maintaining a strong security posture.

The ideal candidate will possess a deep understanding of security best practices operational methodologies and compliance frameworks (especially SOC 2). While not primarily a hands-on technical role you will leverage your strong technical acumen to guide security engineers drive operational improvements enhance threat awareness and translate complex security data into actionable insights through effective dashboarding and reporting. You will be responsible for managing the lifecycle of security operations fostering a culture of proactive security and ensuring our operations align with Ford Credits business objectives and regulatory requirements

• Lead and manage day-to-day security operations including security monitoring incident response vulnerability management and threat intelligence processes.
• Develop implement and continuously refine security operations strategies and best practices to enhance the efficiency and effectiveness of our security posture in GCP.
• Oversee the lifecycle of security incidents from detection and analysis to containment eradication recovery and post-incident review.
• Drive the integration of threat intelligence into security monitoring and incident response workflows to improve detection and prevention capabilities.
• Implement and manage best practices for security logging event correlation and alert generation within the GCP ecosystem and integrated security platforms.
• Oversee the selection implementation and optimization of security operations tools including SIEMs (e.g. Google Chronicle Splunk) EDR IDS/IPS WAFs and vulnerability scanners.
• Ensure the effective utilization of GCP-native security services such as Security Command Center Cloud Logging Cloud Monitoring Cloud Armor and IDS/IPS solutions for operational visibility and threat detection.
• Collaborate with security engineers to ensure security tools are properly configured maintained and integrated into operational workflows.
• Ensure all security operations and monitoring activities adhere to relevant regulatory and compliance frameworks with a strong focus on SOC 2 requirements.
• Develop and maintain documentation for security operations processes procedures and controls to support audit requirements.
• Work closely with internal and external auditors during compliance assessments providing evidence and explanations related to security operations.
• Drive continuous improvement in security operations to meet evolving compliance standards.
• Foster a culture of proactive threat awareness within the security operations team and across relevant stakeholders.
• Design build and maintain comprehensive security dashboards metrics and reports to provide clear visibility into security posture operational performance and key risk indicators for various audiences (technical teams to executive leadership).
• Communicate effectively on security incidents threats and operational status to stakeholders ensuring timely and accurate information dissemination.
• Provide leadership mentorship and guidance to security engineers and analysts fostering their professional growth and technical capabilities.
• Collaborate extensively with cross-functional teams (e.g. development infrastructure compliance risk management) to ensure security operations are aligned with broader organizational goals.
• Manage vendor relationships for security tools and services relevant to security operations.

• Bachelors degree in Computer Science Information Security or a related technical field or equivalent practical experience.
• 8 years of progressive experience in Information Security with at least 3 years in a leadership or managerial role focused on Security Operations SOC management or Security Engineering management.
• Demonstrated experience in implementing and managing security monitoring and incident response programs.
• Strong knowledge of security operations best practices processes and frameworks (e.g. NIST ISO 27001).
• In-depth understanding and practical experience with SOC 2 compliance requirements and audit processes.
• Experience with cloud security operations in GCP including services like Security Command Center Cloud Logging Cloud Monitoring Chronicle Cloud Armor and Cloud IDS/IPS.
• Hands-on experience with security tools and technologies such as SIEMs Endpoint Detection and Response (EDR) Web Application Firewalls (WAFs) Intrusion Detection Systems (IDS) and vulnerability scanners.
• Proven ability to design and implement security dashboards and reporting mechanisms to provide actionable insights.
• Solid understanding of threat detection methodologies MITRE ATT&CK framework and common attack vectors.
• Knowledge of network protocols operating system internals and security monitoring techniques.
• Excellent communication interpersonal and leadership skills with the ability to effectively manage teams influence stakeholders and present complex information clearly to diverse audiences.
• Strong troubleshooting and problem-solving skills with an analytical approach to security challenges.

Preferred Qualification:

• Relevant certifications such as CISSP CISM GCIH CCSP or GCP Professional Cloud Security Engineer.

• Experience with Security Orchestration Automation and Response (SOAR) platforms.

• Experience managing a Security Operations Center (SOC) or similar operational security team.

• Knowledge of data lake concepts and technologies for security data aggregation and analysis.