Job Description:
Director of Cybersecurity Operations (Vertex Inc.)
Position summary
Vertex is seeking a Director of Cybersecurity Operations to lead the end-to-end operational
defense of the enterprise against modern, AI-enabled threats. This leader will build and
continuously improve a resilient, intelligence-driven cyber operations program across Security
Operations, Incident Response & Recovery, Threat Management & Testing, and Analytics & AI
Governance, while ensuring operational excellence across a multi-cloud environment.
Cybersecurity's operating model is being reshaped by AI: adversaries move faster, automate
reconnaissance and exploitation and use synthetic content to bypass traditional controls. In
parallel, organizations are rapidly deploying AI systems (LLMs, ML models, APIs, data
pipelines) that expand the attack surface and introduce new risk categories (prompt injection,
model/data poisoning, model extraction, data leakage, deepfakes). This role provides the
leadership required to operationalize AI-driven analytics and automation, enforce AI governance
guardrails, and maintain resilience, compliance, and trust at scale.
Reporting relationship
Reports to the CISO and partners closely with Cloud Engineering, Infrastructure/IT, Product &
Application Security, Risk & Compliance, Legal/Privacy, and Business Continuity.
What you'll do
Security Operations (AI-augmented defense & detection engineering)
Lead a modern SecOps program delivering continuous monitoring, alert triage,
investigation, and response coordination across a multi-cloud environment.
Own the strategy and execution for SIEM/SOAR, endpoint and identity telemetry, cloud
security signals, and centralized log management (collection, normalization, retention,
and integrity).
Build and run a detection engineering function: develop, tune, and maintain detections
mapped to attacker behaviors (e.g., MITRE ATT&CK), validate coverage, and reduce
false positives.
Operationalize AI-assisted triage and correlation (e.g., anomaly detection, alert
enrichment, case summarization) with measurable improvements in fidelity and analyst
efficiency.
Establish guardrails for SecOps automation (human-in-the-loop controls, auditability,
testing, rollback procedures, and change governance).
Incident Response & Recovery (AI-enabled IR & forensics)
Own the incident response lifecycle: readiness, identification, containment, eradication,
recovery, and post-incident lessons learned.
Drive the development and maintenance of playbooks (including cloud-native, AI, and
identity-centric scenarios) and ensure consistent execution through training and exercises.
Operationalize digital forensics and evidence handling capabilities (chain of custody,
investigation workflows, endpoint/cloud log forensics), including emerging needs such as
detection of synthetic artifacts and AI-enabled fraud.
Partner with Business Continuity/DR teams to validate recovery strategies and ensure
response operations support resiliency objectives.
Plan and execute tabletop exercises that simulate high-speed, AI-driven adversaries and
validate decision-making, communications, and escalation paths.
Threat Management & Testing (AI-enhanced intel, hunting, and purple teaming)
Build a threat management program that connects threat intelligence → detection
engineering → hunting → testing → remediation.
Lead threat intelligence intake and prioritization efforts focused on Vertex's business
risks, including AI-enabled attacker tradecraft and cloud attack paths.
Run proactive threat hunting using behavior-based hypotheses, analytics, and
cross-domain telemetry to uncover low-signal, multi-stage activity.
Oversee enterprise penetration testing and adversary emulation, including assessments of
cloud control planes, identities, APIs, and AI/LLM attack surfaces where applicable.
Establish a purple teaming cadence to continuously validate detection and response
effectiveness, improving readiness through measurable outcomes.
Analytics & AI governance (AI/security analytics and guardrails)
Create a security analytics strategy that uses AI/ML and advanced correlation to improve
detection fidelity, accelerate investigations, and forecast operational risk.
Partner with data, engineering, and governance stakeholders to ensure telemetry and
labeling are fit for analytics and model-driven detection.
Enforce AI governance alignment for security operations: policy, controls, and
monitoring for enterprise AI systems (model risk considerations, access controls, data
handling, prompt/input logging where appropriate, and adversarial testing expectations).
Ensure AI-enabled security automation is validated, explainable where necessary,
auditable, and compliant, never blindly trusted.
Program leadership & operating model
Set the strategy and roadmap for cyber operations, maintaining a high-performing
Security Operations function.
Define and report operational KPIs (e.g., MTTD/MTTR, containment time, detection
coverage, false-positive rate, automation effectiveness, exercise outcomes).
Establish vendor and service-provider governance (including MSSP/MDR where used),
SLAs, and quality controls.
Communicate clearly with executives and stakeholders during incidents and program
reviews, translating technical risk into business impact.
Required qualifications
10+ years in cybersecurity with significant leadership experience in SecOps/SOC,
incident response, and detection/response engineering.
Proven success operating security programs in multi-cloud environments and hybrid
enterprise architectures.
Deep knowledge of SIEM/SOAR operations, detection engineering, log/telemetry
pipelines, endpoint/identity/cloud security telemetry, and incident command.
Demonstrated ability to operationalize AI-driven security analytics and automation with
strong governance, testing, and auditability.
Strong familiarity with incident response and forensics practices (e.g.,
NIST/industry-aligned IR lifecycles), evidence handling, and post-incident improvement.
Excellent leadership, hiring, coaching, and cross-functional influence; ability to drive
outcomes across engineering, IT, and business stakeholders.
Preferred qualifications
Experience building or maturing threat intelligence, threat hunting, penetration testing,
and purple teaming programs.
Hands-on understanding of AI/ML and LLM risk domains (prompt injection, data/model
poisoning, model extraction, sensitive data leakage, deepfake-enabled social engineering)
and practical mitigations.
Experience in regulated environments and working with audit/compliance teams (e.g.,
SOC 2/ISO 27001/SOX/privacy obligations) in an operational security context.
Relevant certifications (one or more): CISSP, CISM, GIAC (e.g., GCIH/GDATFA),
AWS/Azure security certifications, or equivalent.
Pay Transparency Statement:
US Base Salary Range: $157,900.00 - $205,400.00
Base pay offered to new hires may vary based upon factors including relevant industry and job-related skills and experience, geographic location, and business needs.* The range displayed does not encompass the full potential of the role, which allows for further growth and career progression.
In addition, as a part of our total compensation package, this role may be eligible for the Vertex Bonus Plan (VOB), a role-specific sales commission/bonus, and/or equity grants.
Learn more about Life at Vertex and connect with your recruiter for more details regarding Vertex's compensation and benefit programs.
*In no case will your pay fall below applicable local minimum wage requirements.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.