Government and Public Sector Cybersecurity Operations & Threat Detection Response Senior Manager

Government and Public Sector - Technology Consulting - Cybersecurity Operations & Threat Detection - Senior Manager

From strategy to execution the Government & Public Sector practice (GPS) of Ernst & Young provides a full range of consulting and audit services to help our Federal State Local and Education clients implement new ideas to help achieve their mission outcomes. We deliver real change and measurable results through our diverse high-performing teams quality work at the highest professional standards operational know-how from across our global organization and creative and bold ideas that drive innovation. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military veterans and citizens; delivering essential public services; and helping those in need. EY is ready to help our government shape the future with confidence.

The opportunity

As a Senior Manager in Security Operations & Threat Detection and Response within EYs Government & Public Sector (GPS) practice you will lead the strategy design transformation and operation of missioncritical Security Operations Centers (SOCs) for federal state local and education clients.

This role blends strategic cybersecurity advisory operational leadership and business development ownership in classified and highly regulated environments up to the Top Secret (TS) level. You will lead large complex engagements supported by cleared delivery teams serve as a trusted advisor to senior government stakeholders and act as a primary driver of revenue growth for EYs GPS Threat Detection & Response offerings. You will be accountable for originating opportunities leading pursuits shaping solutions and expanding longterm client relationshipswhile remaining deeply engaged in delivery excellence and execution.

This role is expected to lead the modernization of government security operations through AIenabled analytics automationdriven workflows and XDRled telemetry unification across hybrid and multicloud environments. The Senior Manager will be accountable for transforming traditional SOC models into metricsdriven outcomeoriented operations that improve detection fidelity reduce response time and operationalize compliance at scale across missioncritical federal programs.

Your key responsibilities

• Define and drive security operations strategies and target operating models aligned to agency missions risk tolerance and regulatory mandates.
• Design and implement SOC operating models that support cleared U.S.-based delivery in environments up to the TS level hybrid architectures and followthesun coverage where permissible.
• Own engagement delivery outcomes ensuring services meet EY quality standards contractual SLAs and government client expectations.
• Contribute to the development of EY GPS and global cybersecurity methodologies assets and accelerators in Threat Detection & Response.
• Lead the design and operation of AIenabled and automationdriven SOC capabilities including agentbased workflows and advanced analytics that accelerate alert triage enrichment and response.
• Drive XDRled detection strategies unifying telemetry across EDR NDR SIEM identity cloud and SaaS platforms into a coherent and prioritized threat detection model.
• Oversee multicloud and hybrid SOC architectures integrating Azure AWS and onprem environments into centralized detection and response operations.
• Own security operations performance metrics including MTTD MTTR dwell time alert fidelity and automation coverage using these KPIs to drive continuous improvement and executivelevel reporting.
• Establish fusion across adjacent operational domains including vulnerability management identity security data protection and threat intelligence reflecting how GPS programs are funded governed and measured.
• Oversee daytoday SOC operations supporting classified (up to TS) and unclassified environments including:
• Threat monitoring alert triage and escalation
• Incident containment eradication and recovery coordination
• Detection engineering usecase development advanced analytics and tuning across SIEM and XDR platforms
• Threat hunting and integration of cyber threat intelligence
• SIEM and SOAR runbook development and optimization
• Act as Incident Commander and executive escalation point for highseverity cyber incidents coordinating response with client leadership and government stakeholders.
• Integration of automated response and orchestration to reduce analyst burden and improve response consistency.
• Lead postincident reviews using MITRE ATT&CK and adversaryinformed defense techniques to measurably improve detection coverage and response effectiveness.
• Advise senior government stakeholders on SOC modernization roadmaps translating operational metrics and detection outcomes into mission risk compliance posture and investment justification.
• Lead SOC assessments and maturity reviews using EY and industry frameworks (e.g. NIST CSF NIST 80053 RMF ISO 27001).
• Develop actionable roadmaps to mature clients SecOps capabilities across tooling cleared workforce models processes and governance.
• Prepare and deliver clientready proposals Statements of Work (SoWs) executive briefings and classified or unclassified presentations as required.

• Ensure adherence to EY risk management independence and quality standards across all engagements.
• Oversee documentation of SOC procedures incident records and governance artifacts to support audits inspections and regulatory reviews.
• Support clients in aligning security operations with public sector mandates and regulations (e.g. FISMA FedRAMP CMMC NIST Zero Trust).

• Lead business development efforts for Security Operations SOC transformation and managed detection and response engagements across GPS clients.
• Originate opportunities by building trusted relationships with senior government stakeholders and identifying missiondriven and regulatory cybersecurity needs.
• Own and lead endtoend pursuits including:
• Opportunity shaping and qualification
• Solution architecture and cleared delivery model design
• Pricing margin management and risk review
• RFP/RFI responses orals and executive negotiations
• Serve as the primary relationship lead for assigned accounts driving account planning pipeline development and sustained revenue growth.
• Lead mentor and develop multidisciplinary teams of analysts engineers and consultants.
• Foster an inclusive collaborative culture aligned with EY values and public service mission outcomes.

To qualify for theroleyou musthave

• Bachelors degree in Computer Science Information Security Engineering or a related field; Masters degree preferred.
• Typically 812 years of cybersecurity experience including 45 years in SOC or incident response leadership roles.
• Experience leading large complex cybersecurity engagements in consulting or managed services environments.
• Demonstrated experience supporting government or highly regulated clients.
• Must be comfortable working in-person as needed
• Professional Certifications (highly desirable)
• 2 or more of:
• GIAC Security Expert (GSE) preferred or other SANS GIAC certifications
• CISSP CISM CISA CRISC
• ITIL Foundation or higher
• Cloud and modern security certifications are an advantage:
• CCSP Microsoft SC 200/SC 100 Azure Security Engineer
• AWS Security Specialty Google Professional Cloud Security Engineer

Due to the nature of our work in the Government and Public Sector work may be required to be completed at client EY and/or contractor sites. Our goal is to assign professionals to projects within a commutable distance of their work location certain circumstances travel may be required beyond your work location based on client and project needs. Candidates should be willing to travel 20 30% or more.

Ideally youll also have

• Proven ability to lead client engagements endtoend while owning pipeline and revenue growth.
• Strong commercial acumen including pricing margin management and risk governance.
• Executivelevel communication stakeholder management and negotiation skills.

• Ability to operate calmly and decisively during highpressure cyber incidents. Deep understanding of SOC operations (Tier 13) incident response lifecycle and threat hunting.
• Demonstrated ability to make seniorlevel technical decisions across detection engineering incident response and adversary tradecraft in complex government environments.
• An active U.S. security clearance is required due to the nature of government client work.
• Top Secret (TS) clearance is highly preferred.

What we look for

Were interested in intellectually curious people with a genuine passion for cybersecurity. With your expertise well turn to you to speak up with innovative ideas that could make a lasting difference not only to us but also to the industry. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here this is the role for you.

At EY youll have the chance to build a career as unique as you are with the global scale support inclusive culture and technology to become the best version of you. And were counting on your unique voice and perspective to help EY become even better too. Join us and build an exceptional experience for yourself and a better working world for all.