Director, Head of Detection & Response

What success looks like in this role:

About the Team

Unisys Detection & Response team under Global Security Operations is responsible threat detection and incident response for Unisys. This organization is peer to Attack Surface Management Identity & Access Security and Intel & Offensive Security. This team will have services like 24x7 Triage Investigation Incident Response Threat Hunting Insider Threat etc. This also includes FSO which manages the clearance processes for federal projects.

What success looks like in this role:

1. Structure the team with a function/service/capability model. Identify the RACI and key metrics for each service.

2. Increase the talent density within the team through professional development and people management.

3. Operationalize Security Incident Response Plan for the organization and integrate to crisis management plan.

4. Implement Detection Response Platform with clear program health metrics.

5. Increase the Investigation and IR coverage to 24x7 and build a inhouse team.

6. Reestablish advanced hunting within existing IR team.

7. Lead FSO and manage officers assigned. manage certifications and obligation from agencies.

Key Responsibilities:

Strategic Leadership -

Develop and implement a comprehensive detection and incident response strategy aligned with the organizations risk tolerance regulatory requirements and industry best practices.

Provide strategic direction and vision for the Detection & Incident Response team setting clear objectives priorities and performance metrics.

Collaborate with senior leadership IT teams and other stakeholders to integrate cybersecurity incident response to other business processes.

Threat Detection -

Platform Implementation: Working experience of Google SecOps Cribl Splunk etc. Detection Engineering experience with SOC Prime and similar. UEBA for Insider Threat.

Configuration and Optimization: Oversee the configuration and fine-tuning of the selected platforms to achieve optimal performance in threat detection while minimizing false positives enhancing the overall effectiveness of the cybersecurity infrastructure.

Integration and Automation: Establish seamless integration between the threat detection platform and existing security tools such as SIEM and EDR solutions enabling enhanced visibility and automated response capabilities to rapidly mitigate emerging threats and security incidents.

Incident Response Management:

Establish and maintain a robust incident response framework including incident classification escalation procedures communication protocols and coordination with internal teams and external partners.

Serve as the primary point of contact for all cybersecurity incidents liaising with relevant stakeholders including legal privacy ethics & compliance communications and law enforcement agencies as necessary.

Provide leadership and guidance to the incident response team during high-pressure situations ensuring a coordinated and effective response effort.

Team Development & Training-

Recruit mentor and develop a high-performing team of detection and incident response professionals fostering a culture of collaboration innovation and continuous learning.

Conduct regular training exercises tabletop simulations and knowledge sharing sessions to enhance the teams skills preparedness and resilience in responding to emerging threats and attack scenarios.

You will be successful in this role if you have:

Bachelors degree in Computer Science Information Security or related field (Masters degree preferred).

15 years of experience with 8 in a leadership role within cybersecurity with a focus on threat detection response and management.

Deep technical expertise in cybersecurity tools technologies and methodologies threat intelligence and forensic analysis.

Strong understanding of regulatory requirements compliance standards (e.g. GDPR PCI DSS) and industry frameworks (e.g. NIST Cybersecurity Framework ISO 27001).

Excellent communication leadership and interpersonal skills with the ability to influence stakeholders at from engineer to senior executives.

Experience of successfully managing complex cybersecurity incidents and leading cross-functional response teams in a fast-paced environment.

US Citizen willing to go through clearance or already have a clearance.

This role may require access to export-controlled commodities and technology. Therefore to conform to U.S. export control regulations applicant should be eligible for any required authorizations from the U.S. Government.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age caste citizenship color disability family medical history family status ethnicity gender gender expression gender identity genetic information marital status national origin parental status pregnancy race religion sex sexual orientation transgender status veteran status or any other category protected by law.

This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein or cannot otherwise complete your expression of interest without additional assistance and would like to discuss a request for reasonable accommodation please contact our Global Recruiting organization at or alternatively Toll Free: (Prompt 4). US job seekers can find more information about Unisys EEO commitment here.