The Opportunity

We are seeking a seasoned and strategic Director of Security Operations to lead security operations capabilities and detection engineering at Incode. This is a critical leadership role that will be instrumental in driving our overall security strategy, ensuring the safety and integrity of our corporate and product environments, and building a robust, 24/7 security incident response team.

As the Director of Security Operations, you will oversee the security operations lifecycle, from detection engineering to incident response, threat hunting, and anomaly detection. You will be responsible for defining the security operations strategy, hiring and growing a team, and providing detection and response for both corporate and product environments. By collaborating closely with our security team members, compliance team, SRE team, and product engineering teams, you will identify, protect, detect, respond, and recover from cyber threats.

If you are a strategic leader with a passion for building high signal detection strategies, conducting threat-hunting exercises, orchestrating security workflows and driving the overall security operations across both our corporate and product at Incode, we would love to chat with you. This is a unique opportunity to shape and build security operations and influence our overall security strategy.

Responsibilities

• Lead the first line of defense to protect, detect, respond to, and recover from cyber-attacks in both our corporate and product environments.
• Define the security operations strategy and roadmap, including the hiring and growth of a robust security team.
• Develop and oversee tools to gather security telemetry data from cloud production systems.
• Automate workflows and improve identification and response time for security events.
• Build and optimize high signal detections with enriched data and orchestration.
• Develop runbooks and incident playbooks for new and existing detections.
• Lead threat hunting practices, suggest product and infrastructure signals to surface attacks, and incorporate findings into security controls.
• Research attacker tactics, techniques, and procedures (TTPs) and craft detections to quickly identify and contain potential security threats.
• Respond to security events, triage, perform investigations, incident analysis, and communicate clearly and efficiently with partners.
• Lead an on-call rotation.
• Onboard new systems and services to SIEM and SOAR and build new detection pipelines.
• Facilitate incident response processes and tabletop exercises.

Qualifications:

• Proven leadership experience in security operations, including security monitoring, detection engineering, incident response, and threat hunting in a SaaS company.
• Demonstrated experience in defining a security operations strategy and roadmap and building and growing a security team.
• Deep understanding of common attacks, adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles.
• Operating systems internals and forensics experience for macOS, Windows & Linux.
• Domain experience managing and working with current SIEM and SOAR platforms, DLP, email security platforms, endpoint protection platforms, secure service edge, etc.
• Experience developing tools and automation using common DevOps toolsets and programming languages.
• Understanding of malware functionality and persistence mechanisms.
• Ability to analyze endpoint, network, and application logs for anomalous events.
• Proficiency in programming in Golang or Python.
• Excellent collaborative skills.
• Outstanding written and verbal communication.

Preferred Experience and Certification:

• Leadership experience in a SaaS Startup in security focused industries, such as fintech, security software and services, health tech, identity and access management.
• Hands-on experience with data analysis, modeling, and correlation at scale.
• Familiarity in continuous integration and Infrastructure as Code.
• Experience designing and optimizing high throughput ETL pipelines.
• Possess a breadth of knowledge and experience across the information security domain, such as endpoint security, cloud security, application security, or automation.
• Experience as a software engineer, infrastructure engineer, or site reliability engineer.
• Experience detecting or responding to threats in Kubernetes (K8s), AWS, and Linux environments.
• Certifications in Security, Incident Handling, Forensics, and/or Offensive Security (e.g., CERT-CSIH, GCIH, GCIA, GCFA, Security+, ECIH, GX-IH, OSCP, GPEN, CEH, CISSP etc.).