Director, Security Operations


Job Location: Newark, DE - USA
Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Pay Grade: 33S

Context of Job

The Director of Security Operations is a senior cybersecurity leader responsible for designing, executing, and continually improving the institution's security operations capabilities. This role provides strategic and hands-on leadership across the Security Operations Center (SOC), incident response, digital forensics, vulnerability management, endpoint detection and response (EDR/XDR), firewall and network security, and coordination with Managed Detection and Response (MDR) providers.

The Director works closely with central IT, schools and colleges, legal counsel, privacy, compliance, and external investigators to ensure effective detection, response, investigation, and recovery from cybersecurity incidents in a complex higher-education environment that includes on-premises, cloud, and research systems. This role is accountable for ensuring that cybersecurity operations balance risk reduction with usability and operational needs across academic, administrative, research, and affiliated units.

The Director, Security Operations and SOC, reports to the Chief Information Security Officer (CISO).

Major Responsibilities:

Security Operations & SOC Leadership
  • Establish and lead a mature, outcomes-driven SOC operating model aligned with higher-education risk, academic openness, and regulatory requirements.
  • Define SOC strategy, operating procedures, escalation models, and a service maturity roadmap.
  • Lead, mentor, and develop SOC analysts, incident responders, and security engineers across distributed campus environments.
  • Provide operational leadership supporting multiple schools, colleges, research units, and administrative systems.
  • Ensure technical security controls, processes, and services operate effectively to support prevention, detection, response, and recovery capabilities.
  • Act as a change agent, driving the adoption of new security technologies and operational processes to improve cyber resilience.
  • Lead multiple security operations teams and initiatives concurrently, prioritizing service improvement projects based on risk and value.

Threat Detection, MDR & EDR/XDR
  • Own threat detection and response across networks, endpoints, servers, cloud platforms, and SaaS environments.
  • Serve as the primary institutional owner for MDR services, ensuring alignment with internal SOC workflows, SLAs, and escalation paths.
  • Oversee EDR/XDR platforms, detection tuning, threat hunting, and response automation.
  • Validate detection coverage using frameworks such as MITRE ATT&CK.

Incident Response, Forensics & Investigations
  • Lead security incident response activities, including containment, eradication, recovery, and post-incident analysis.
  • Develop, maintain, and regularly test incident response plans (IRP), playbooks, and tabletop exercises.
  • Oversee digital forensics investigations, including endpoint, network, log, cloud, and application-level forensic analysis.
  • Coordinate litigation holds, evidence preservation, and chain-of-custody requirements in collaboration with the Legal, Compliance, and Privacy offices, and support regulatory inquiries.
  • Act as the primary security liaison with external investigators, law enforcement, cyber insurance carriers, and third-party forensic firms when required, and manage those partners during major incidents.
  • Ensure proper documentation and reporting for regulatory, legal, and institutional requirements.
  • Ensure incident response activities support post-incident reporting, lessons learned, and operational improvements.

Cloud & Modern Infrastructure Security
  • Lead security operations for cloud platforms (e.g. Azure, GCP, AWS), including incident response and forensic investigations in cloud-native environments.
  • Partner with system, network, HPS, infrastructure, and enterprise application teams to integrate security logging, monitoring, and response into cloud and hybrid architectures.
  • Oversee security operations for SaaS platforms commonly used in higher education.
  • Provide oversight for application and platform security testing, including secure development practices and DevSecOps integration.
  • Support cloud-native forensic investigations and security monitoring across IaaS, PaaS, and SaaS platforms.
  • Ensure security operations integrate with modern application delivery pipelines and enterprise platforms.

Firewall & Network Security Ownership
  • Own and manage the campus Palo Alto next-generation firewall environment, including:
      • Architecture and design
      • Rulebase governance and segmentation
      • Secure zone and enclave design
      • Change management and performance optimization
  • Design firewall and network security solutions that balance academic access, research needs, and institutional risk.
  • Collaborate closely with network engineering teams to enforce security controls across campus and data centers.

Vulnerability Management
  • Own the enterprise vulnerability management program, including scanning, risk-based prioritization, remediation tracking, and reporting.
  • Coordinate remediation efforts across central IT, distributed school IT teams, and system owners.
  • Integrate vulnerability data into SOC detection and response workflows.
  • Oversee vulnerability, configuration, and attack surface management programs across endpoints, servers, cloud workloads, and applications.
  • Ensure vulnerability remediation efforts are risk-based, measurable, and aligned with institutional priorities.

Governance, Risk & Compliance
  • Ensure security operations align with relevant frameworks and regulations (e.g. NIST, HIPAA, FERPA, PCI DSS).
  • Support audits, risk assessments, and compliance reviews through operational evidence and reporting.
  • Partner with institutional leadership to translate technical risk into business and academic impact.

Metrics, Reporting & Executive Communication
  • Define and track SOC metrics (e.g. mean time to detect (MTTD), mean time to respond (MTTR), alert quality, incident trends).
  • Provide clear, actionable security reporting to senior leadership, the CIO/CISO, and governance committees.
  • Communicate incident impact, response actions, and risk posture in non-technical terms.
  • Serve as a senior advisor to executive leadership, schools, colleges, and research units on cybersecurity operational risk.
  • Oversee service delivery commitments, including internal and external SLAs, ensuring operational and financial targets are met.
  • Champion collaboration across IT, academic units, healthcare, and research environments to embed security into operations.
  • Recruit, mentor, and develop high-performing cybersecurity professionals, building both technical depth and leadership capacity.
  • Ensure team skills evolve to support future operational and threat landscape needs.

Vendor, Budget & Program Management
  • Manage SOC-related vendors, tools, and service providers, including MDR, EDR, SIEM, forensic tools, and firewall platforms.
  • Oversee budgeting, procurement, and lifecycle management for security operations technologies.
  • Continuously evaluate and improve tools, automation, and processes.
  • Design and execute multi-year security operations roadmaps aligned with institutional strategy and regulatory obligations.
  • Develop and manage the security operations budget, ensuring effective allocation of resources and measurable return on investment (ROI).
  • Evaluate the value, cost, and risk reduction impact of security initiatives to guide prioritization and funding decisions.

Qualifications:
  • Bachelor's degree in cybersecurity, information technology, computer science, or a related field.
  • Eight years of progressive experience in cybersecurity operations, including five years in security leadership roles.
  • Demonstrated experience leading SOC, incident response, digital forensics, and enterprise security operations.
  • Hands-on experience with EDR/XDR, SIEM, firewalls (Palo Alto preferred), vulnerability management, and cloud security.
  • Experience coordinating forensic investigations and litigation holds, and working with external investigators.
  • Proven ability to lead security operations in complex, decentralized environments such as higher education.
  • Strong leadership, communication, and stakeholder management skills.

Required Experience:

Director


Key Skills

  • Employee Relations
  • Employee Evaluation
  • Management Experience
  • Profit & Loss
  • Conflict Management
  • Operations Management
  • Project Management
  • Budgeting
  • Leadership Experience
  • Supervising Experience
  • Leadership management
  • Financial Planning

About Company

The University of Delaware is a diverse institution of higher learning, fostering excellence in research. UD has eight colleges, providing outstanding undergraduate, graduate and professional education, serving the local, regional, national and international communities.
