Location: Charlotte NC Schedule: Onsite Monday Friday Employment Type: Contract to Hire
Overview
Client is seeking an experienced Cybersecurity Operations Manager to lead a high-performing security operations team responsible for enterprise threat detection incident response security monitoring and data protection initiatives. This leadership role will oversee a team of security engineers and analysts while driving the organizations security operations strategy across SOC operations SIEM management SOAR automation endpoint security insider threat and data protection programs.
The ideal candidate will possess a strong blend of technical expertise operational leadership and strategic vision with experience building and maturing cybersecurity programs within complex highly regulated environments.
Key Responsibilities
Security Operations Leadership
Lead mentor and develop a team of security analysts and engineers across multiple cybersecurity disciplines.
Serve as the primary escalation point for critical security incidents and cyber events.
Partner with executive leadership to communicate cybersecurity risks operational metrics and program maturity.
Foster a culture of continuous improvement accountability and operational excellence.
SOC & Security Monitoring
Oversee Security Operations Center (SOC) performance alert triage processes and detection capabilities.
Drive the development and optimization of SOAR workflows and automated response playbooks.
Establish and monitor operational KPIs including MTTD MTTR alert quality and false-positive reduction.
Collaborate with threat intelligence vulnerability management and engineering teams to improve detection coverage.
Continuously tune security detections correlation rules and monitoring use cases.
SIEM Logging & Detection Engineering
Own enterprise logging and monitoring strategy ensuring comprehensive visibility across cloud network endpoint and application environments.
Manage SIEM operations including content development onboarding of data sources dashboard creation and performance optimization.
Develop and maintain detection content aligned with industry frameworks such as MITRE ATT&CK.
Ensure critical security telemetry is properly collected normalized and retained.
Partner with infrastructure and cloud teams to enhance visibility across hybrid environments.
Incident Response
Lead the organizations incident response program including playbooks escalation procedures and response readiness.
Coordinate response activities across IT Legal Compliance Risk and executive stakeholders during major incidents.
Conduct post-incident reviews and drive remediation efforts to prevent recurrence.
Facilitate tabletop exercises and cyber readiness assessments.
Insider Threat & UEBA
Manage insider threat monitoring investigations and case management processes.
Develop behavioral analytics and risk-based detection capabilities utilizing UEBA technologies.
Partner with HR Legal and Compliance teams on sensitive investigations.
Enhance detection models and risk-scoring methodologies to identify anomalous behavior while minimizing false positives.
Data Security & Data Loss Prevention
Lead enterprise Data Loss Prevention (DLP) initiatives focused on protecting sensitive customer financial and corporate data.
Oversee data classification information protection and governance programs.
Monitor and tune DLP controls and investigate potential data exfiltration events.
Partner with Compliance and Privacy teams to support regulatory and governance requirements.
Endpoint Security
Own endpoint protection strategy across workstation and server environments.
Manage EDR/XDR platforms and ensure comprehensive telemetry coverage and integration with security monitoring tools.
Drive endpoint hardening vulnerability remediation and security baseline initiatives.
Lead forensic investigations involving compromised endpoints and endpoint-generated detections.
Technical Environment
Multi-cloud infrastructure (AWS Azure and/or GCP)
Enterprise-scale security monitoring and automation platforms
SIEM SOAR EDR/XDR UEBA and DLP technologies
Highly regulated environment with strong security and compliance requirements
Required Qualifications
10 years of cybersecurity experience spanning security operations incident response threat detection data security and endpoint protection.
3 years of leadership experience managing security operations SOC teams or blue-team functions.
Strong hands-on experience with enterprise SIEM platforms including content development data onboarding and dashboard creation.
Experience implementing and maturing SOAR platforms and automated response workflows.
Knowledge of network traffic analysis and threat detection technologies.
Experience with enterprise DLP data governance and information protection programs.
Familiarity with UEBA solutions and behavioral analytics methodologies.
Experience managing insider threat investigations and response processes.
Strong knowledge of EDR/XDR platforms such as CrowdStrike Microsoft Defender SentinelOne or similar technologies.
Proven ability to communicate effectively with executive leadership and business stakeholders.
Preferred Qualifications
Experience within financial services banking healthcare insurance or other highly regulated industries.
Professional certifications such as CISSP CISM GCIA GCIH GDAT or equivalent.
Experience operating in large-scale cloud and hybrid enterprise environments.
What Success Looks Like
Improved threat detection and response effectiveness.
Reduced operational risk through automation and process maturity.
Enhanced visibility across enterprise systems and cloud environments.
Strong security team development and operational excellence.
Continued advancement of enterprise cybersecurity capabilities and resilience.
Cybersecurity Operations Manager Location: Charlotte NC Schedule: Onsite Monday Friday Employment Type: Contract to Hire Overview Client is seeking an experienced Cybersecurity Operations Manager to lead a high-performing security operations team responsible for enterprise threat detection incid...
Cybersecurity Operations Manager
Location: Charlotte NC Schedule: Onsite Monday Friday Employment Type: Contract to Hire
Overview
Client is seeking an experienced Cybersecurity Operations Manager to lead a high-performing security operations team responsible for enterprise threat detection incident response security monitoring and data protection initiatives. This leadership role will oversee a team of security engineers and analysts while driving the organizations security operations strategy across SOC operations SIEM management SOAR automation endpoint security insider threat and data protection programs.
The ideal candidate will possess a strong blend of technical expertise operational leadership and strategic vision with experience building and maturing cybersecurity programs within complex highly regulated environments.
Key Responsibilities
Security Operations Leadership
Lead mentor and develop a team of security analysts and engineers across multiple cybersecurity disciplines.
Serve as the primary escalation point for critical security incidents and cyber events.
Partner with executive leadership to communicate cybersecurity risks operational metrics and program maturity.
Foster a culture of continuous improvement accountability and operational excellence.
SOC & Security Monitoring
Oversee Security Operations Center (SOC) performance alert triage processes and detection capabilities.
Drive the development and optimization of SOAR workflows and automated response playbooks.
Establish and monitor operational KPIs including MTTD MTTR alert quality and false-positive reduction.
Collaborate with threat intelligence vulnerability management and engineering teams to improve detection coverage.
Continuously tune security detections correlation rules and monitoring use cases.
SIEM Logging & Detection Engineering
Own enterprise logging and monitoring strategy ensuring comprehensive visibility across cloud network endpoint and application environments.
Manage SIEM operations including content development onboarding of data sources dashboard creation and performance optimization.
Develop and maintain detection content aligned with industry frameworks such as MITRE ATT&CK.
Ensure critical security telemetry is properly collected normalized and retained.
Partner with infrastructure and cloud teams to enhance visibility across hybrid environments.
Incident Response
Lead the organizations incident response program including playbooks escalation procedures and response readiness.
Coordinate response activities across IT Legal Compliance Risk and executive stakeholders during major incidents.
Conduct post-incident reviews and drive remediation efforts to prevent recurrence.
Facilitate tabletop exercises and cyber readiness assessments.
Insider Threat & UEBA
Manage insider threat monitoring investigations and case management processes.
Develop behavioral analytics and risk-based detection capabilities utilizing UEBA technologies.
Partner with HR Legal and Compliance teams on sensitive investigations.
Enhance detection models and risk-scoring methodologies to identify anomalous behavior while minimizing false positives.
Data Security & Data Loss Prevention
Lead enterprise Data Loss Prevention (DLP) initiatives focused on protecting sensitive customer financial and corporate data.
Oversee data classification information protection and governance programs.
Monitor and tune DLP controls and investigate potential data exfiltration events.
Partner with Compliance and Privacy teams to support regulatory and governance requirements.
Endpoint Security
Own endpoint protection strategy across workstation and server environments.
Manage EDR/XDR platforms and ensure comprehensive telemetry coverage and integration with security monitoring tools.
Drive endpoint hardening vulnerability remediation and security baseline initiatives.
Lead forensic investigations involving compromised endpoints and endpoint-generated detections.
Technical Environment
Multi-cloud infrastructure (AWS Azure and/or GCP)
Enterprise-scale security monitoring and automation platforms
SIEM SOAR EDR/XDR UEBA and DLP technologies
Highly regulated environment with strong security and compliance requirements
Required Qualifications
10 years of cybersecurity experience spanning security operations incident response threat detection data security and endpoint protection.
3 years of leadership experience managing security operations SOC teams or blue-team functions.
Strong hands-on experience with enterprise SIEM platforms including content development data onboarding and dashboard creation.
Experience implementing and maturing SOAR platforms and automated response workflows.
Knowledge of network traffic analysis and threat detection technologies.
Experience with enterprise DLP data governance and information protection programs.
Familiarity with UEBA solutions and behavioral analytics methodologies.
Experience managing insider threat investigations and response processes.
Strong knowledge of EDR/XDR platforms such as CrowdStrike Microsoft Defender SentinelOne or similar technologies.
Proven ability to communicate effectively with executive leadership and business stakeholders.
Preferred Qualifications
Experience within financial services banking healthcare insurance or other highly regulated industries.
Professional certifications such as CISSP CISM GCIA GCIH GDAT or equivalent.
Experience operating in large-scale cloud and hybrid enterprise environments.
What Success Looks Like
Improved threat detection and response effectiveness.
Reduced operational risk through automation and process maturity.
Enhanced visibility across enterprise systems and cloud environments.
Strong security team development and operational excellence.
Continued advancement of enterprise cybersecurity capabilities and resilience.