Technical Manager, Cybersecurity

In this role, you will:

• Advance the detection and response program, leading coverage across Cloud, SaaS, Endpoint, and Identity domains.
• Implement organization-wide automation to reduce alert fatigue and accelerate response across all security tooling.
• Mature SIEM and cloud-native logging architectures, ensuring a cost-aware telemetry pipeline spanning corporate, manufacturing, and engineering environments.
• Define and implement scalable security controls that strengthen cloud and infrastructure security through detection, configuration standards, and automated enforcement.

Security Tool Management

• Own end-to-end lifecycle management of the enterprise security toolset, including deployment, configuration, tuning, and decommissioning.
• Configure and manage network security platforms, including next-gen firewalls, IDS/IPS, DDI, VPN, NAC, Web Filtering, CASB/SASE, SIEM, EDR/XDR, vulnerability scanners, and network traffic visibility solutions.
• Manage SIEM operations, including data source onboarding, log normalization, correlation rule development, and alert tuning.
• Develop and enforce network device hardening standards; serve as the senior technical escalation point for break/fix incidents across internal and vendor teams.

Team Leadership & Vendor Management

• Lead and mentor internal technical staff and external security vendors, holding all parties accountable to SLAs, quality standards, and security outcomes.
• Partner with MSPs, SOCs, and specialized vendors to extend team capabilities; conduct regular performance reviews and contract evaluations.
• Interface with IT leadership and security management to develop solutions that meet evolving business and regulatory requirements.

AWS Security & Cloud Posture

• Define and enforce cloud security best practices across all accounts and organizational units, including IAM least-privilege, resource policy governance, and SCP guardrails.
• Lead implementation and tuning of cloud security services; maintain network security architecture, including VPC segmentation, security groups, PrivateLink, WAF, and DDoS protection services.
• Help embed security into CI/CD pipelines, Infrastructure as Code(IaC) templates in partnership with cloud and platform engineering teams.
• Define cloud security configuration standards (CIS Benchmarks, Security Best Practices, etc.) and enforce automated compliance.

Threat Detection & Incident Response

• Lead threat-model–driven detection strategy across SIEM, cloud-native platforms, and adjacent tooling, ensuring coverage across cloud, SaaS, endpoint, and identity domains.
• Serve as our senior escalation point during complex incidents, driving technical analysis, coordinating response, and guiding post-incident remediation.
• Identify gaps in detection coverage, telemetry ingestion, and automation; mature playbooks to reduce detection and response time across security operations.

OT/ICS & Manufacturing Security

• Conduct OT cybersecurity assessments, identifying risks and prioritizing remediation recommendations.
• Design and support network segmentation strategies for OT/IT convergence environments, including segmented ICS networks.
• Identify and implement appropriate remote and local access controls for manufacturing systems, collaborating with engineering and operations teams to avoid disrupting production.

Architecture & Engineering Standards

• Own and maintain architectural standards, including reference architectures, data flow diagrams, detection pipeline operating models, and security design patterns.
• Partner with IT infrastructure, platform, and engineering teams to embed security into cloud design, IAM strategy, and network architecture from inception.

Policy, Compliance & Governance

• Develop and maintain security policies and procedures aligned to support regulatory requirements (NIST, SOC 2, ISO 27001).
• Ensure audit-readiness and evidence collection for compliance assessments; produce stakeholder-ready risk articulations, including impact assessments and recommended mitigations.

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related technical field. Equivalent combination of education and experience considered.
• 8+ years of progressive cybersecurity engineering experience, with at least 2–3 years in a technical lead or people management capacity.
• Demonstrated experience managing both internal security engineers and external vendors/MSSPs, with accountability for security outcomes and SLA adherence.
• Hands-on expertise with enterprise SIEM platforms (Splunk, Sentinel, Chronicle, or equivalent) including detection rule authoring, data onboarding, and operational tuning.
• Deep working knowledge of cloud security services: Security Hub, GuardDuty, CloudTrail, Config, IAM, Macie, Inspector, VPC security architecture, and SCPs.
• Experience conducting OT/ICS cybersecurity assessments in manufacturing, industrial, or critical infrastructure environments is strongly preferred.
• Familiarity with threat modeling frameworks (MITRE ATT&CK, STRIDE) and their application to cloud and OT environments.
• Experience developing security automation using SOAR platforms (Palo Alto XSOAR, Splunk SOAR, Tines, or equivalent) and scripting (Python, PowerShell).
• CISSP or CISM, AWS Certification, CompTIA Security+, GIAC, GCIA, GCIH, Palo Alto PCNSE or Splunk Certified Architect, etc.

• SIEM / Detection: Splunk ES, Microsoft Sentinel, Rapid 7, Palo Alto – rule authoring, data onboarding, correlation tuning
• AWS Security: Security Hub, GuardDuty, CloudTrail, Config, Macie, Inspector, WAF, IAM, SCPs, VPC security architecture, AWS Organizations
• Security Tools: Firewalls, IDS/IPS, SIEM (Rapid7/Splunk/Palo Alto), NAC (Cisco ISE/Aruba ClearPass), Vulnerability Scanners
• Cloud IAM: AWS IAM, Okta, Azure AD/Entra ID, PAM (CyberArk/BeyondTrust) – identity governance and least privilege
• OT/ICS Security: Dragos, Claroty, or Nozomi – OT visibility; Purdue model, IEC 62443, NERC CIP awareness