Cybersecurity Manager

Santa Clara, CA, US • Posted 30+ days ago • Updated 1 day ago
Full Time
No Travel Required
On-site
$75 - $80/hr

Job Details

Skills

  • Tenable
  • Automox
  • CrowdStrike
  • KQL
  • SIEM
  • SOAR
  • IT Management
  • Leadership
  • KPI
  • Mentorship
  • Operational Excellence
  • Workflow
  • Technical Direction
  • Communication
  • cybersecurity operations
  • security operations

Summary

Role: Senior Manager, Cybersecurity Operations

Location: Santa Clara, CA (Onsite)

Duration: 6+ months

Overview: Client is seeking a hands-on Senior Manager, Cybersecurity Operations, to lead and mature our enterprise security operations program. This role owns the technical direction and execution of cybersecurity operations, including SIEM and SOAR engineering, detection and response, email threat defense, and cloud, network, and endpoint security across a hybrid, Azure-centric environment. The role will report to the CIO & Head of Cybersecurity. This is a technical leadership role, not a GRC, compliance, or new-grad position. You will lead experienced cybersecurity engineers and partner closely with a Managed SOC (MSOC) to deliver 24/7 monitoring, automation-driven response, and continuous improvement of security operations.

What You'll Own

Cybersecurity Operations, SIEM & SOAR

  • Own and operate enterprise cybersecurity operations across on-prem, cloud, and hybrid environments.
  • Lead Microsoft Sentinel SIEM engineering, including advanced KQL query development, analytics rules, incident workflows, and dashboards.
  • Design and maintain SOAR automation and playbooks to accelerate investigation and response.
  • Improve detection quality, reduce alert fatigue, and optimize MTTR/MTTD.
  • Oversee endpoint, network, identity, email, and cloud security platforms.
  • Act as the senior technical escalation point for complex alerts and investigations.

Email Security & User Threat Defense

  • Own operational defense against phishing, business email compromise, malicious attachments, AI-generated attacks, and OAuth-based attacks.
  • Define and optimize user-reported email workflows and automated remediation actions.
  • Lead response to email-borne account takeover and social-engineering incidents.

Incident Response & Threat Management

  • Own and continuously improve incident response plans, playbooks, and operational readiness.
  • Lead investigations involving ransomware, insider threats, and targeted attacks.
  • Coordinate response with MSOC partners, IT, Cloud, and Engineering teams.
  • Conduct post-incident reviews and drive corrective actions.
  • Lead threat hunting and detection coverage mapping using the MITRE ATT&CK framework.

Network, Endpoint & Vulnerability Security

  • Lead CrowdStrike Falcon operations, including detection, investigation, and response.
  • Own Palo Alto Networks NGFW security, including firewall policy management, IPS/IDS, and threat prevention.
  • Own the vulnerability management lifecycle from discovery through remediation.
  • Drive patch automation, validation, and remediation SLAs with IT and Cloud teams.

Cloud & Identity Security Engineering

  • Ensure secure configurations and architecture across Azure, Entra ID, and Microsoft 365.
  • Define and enforce identity security, conditional access, and privileged access controls.
  • Evaluate, integrate, and optimize security tooling and platform integrations.
  • Support application and cloud-native security initiatives.

Technical Leadership & On-Call Operations

  • Lead and mentor experienced cybersecurity engineers through technical guidance and career development.
  • Set technical direction, review designs, and provide hands-on leadership during incidents.
  • Own the global cybersecurity on-call rotation and escalation model.
  • Serve as the escalation point for high-severity incidents and coordinate response across teams.
  • Build a culture of ownership, accountability, and operational excellence.

Metrics, Automation & Reporting

  • Define and report operational cybersecurity KPIs and executive dashboards.
  • Drive automation using SOAR, PowerShell, Python, and KQL.
  • Maintain documentation, including SOPs, incident playbooks, and security architecture baselines.

Required Qualifications

Note: Only candidates with proven hands-on technical expertise in advanced SecOps operations should apply. This role requires active engagement in SIEM/SOAR engineering, incident response, cloud and endpoint security, and threat detection.

  • 8-12+ years of experience in cybersecurity operations or security engineering.
  • 3-5+ years of experience leading SecOps or cybersecurity engineering teams.
  • Hands-on expertise with Microsoft Sentinel, including advanced KQL query development.
  • Hands-on experience with CrowdStrike Falcon (detection, investigation, response).
  • Hands-on experience securing Palo Alto Networks NGFW, including firewall policy and threat prevention.
  • Strong hands-on experience with SIEM and SOAR platforms.
  • Deep experience leading incident response for ransomware, insider threats, and targeted attacks.
  • Strong experience securing hybrid, Azure-centric environments.
  • Proficiency in PowerShell, Python, and KQL for automation.
  • Experience owning on-call rotations and escalation responsibilities.
  • Experience working with managed SOC partners.
  • Strong communication skills and ability to lead during high-severity incidents.

Preferred Qualifications:

  • Experience with CrowdStrike Falcon MDR, Microsoft Defender (Endpoint, Identity, M365).
  • Experience operating enterprise email security and phishing defense platforms.
  • Familiarity with MITRE ATT&CK, Zero Trust architecture, and modern cloud security design.
  • Experience in regulated or high-assurance environments (manufacturing, aerospace, ITAR).
  • Experience supporting or operating in a CMMC Level 2 aligned environment.
  • CISSP or equivalent hands-on security leadership experience preferred, not required.
  • Experience building or maturing a cybersecurity operations program.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10271950
  • Position Id: 8865821