Job Description

Title: Head of Security Operations

Location: Remote – USA

About the Role

Abnormal Security is looking for a senior leader of security operations to join the Security & Privacy team. As a leading cybersecurity company, it is crucial that we protect our infrastructure, customers, and employees from advanced attacks and threats we face every day. The Head of Security Operations is responsible for implementing and managing the day-to-day detection and response, analysis and reacting to events, handling incidents in a methodical and repeatable manner, and protecting our cloud infrastructure and applications that our customers rely upon. While most of the function focuses on defending, the role will also own proactive security measures such as red-teaming and penetration testing. The ideal candidate will have the ability to protect cloud-native SaaS software companies and be able to balance risk mitigations with the demands of supporting a hyper-growth organization.

Who you are

  • Strong technical acumen in cloud security controls and the ability to partner with and influence engineering and development teams.
  • Team player, collaborative work style.
  • High attention to detail, process, and organization.
  • Demonstrated experience presenting detailed, technical concepts to both technical and non-technical audiences.
  • Results-oriented, values collaboration, self-motivated, and willing to adapt to change in a fast-moving environment.
  • Ability to manage multiple priorities and meet deadlines in a fast-paced environment.
  • Operate within an agile environment and provide leadership to adapt to dynamics in technology, industry, cyber threats, and our own business.
  • Outstanding analytical and communication (written and verbal) skills and exercises good business judgment
  • Strong project management skills to ensure accountability and results.
  • Ability to take unpopular positions when necessary, influence others to support these decisions, and maintain trust and credibility.
  • Ability to mentor, coach, and develop a global team

What you will do

Security Operations

  • Responsible for the design and management of cyber defenses; Incident Response and Security Operations Center (SOC) monitoring to ensure rapid identification and mitigation of security incidents
  • Lead the Security Operations team and other related functions to defend against cyber-attacks and to protect Abnormal during a cyber-incident
  • Develop roadmaps, set objectives, and choose initiatives that support the goals of improving Cyber defense capability and maturity at Abnormal
  • Develop metrics for reporting purposes and driving specific actions, including measuring and improving operational effectiveness and performance and determining detective control effectiveness and coverage.
  • Using a maturity model to measure the incident detection and response capability and identifying capability gaps in all support environments over time.
  • Build in-house digital forensics and incident response (DFIR), threat intelligence, and purple teaming capability, and formalize relevant processes and procedures.

Incident Response & Threat Intelligence

  • Lead incident response efforts, coordinating with internal teams and external partners to mitigate the impact of security incidents and prevent future occurrences.
  • Work with internal stakeholders to mature crisis procedures and cyber incident management.
  • Create and update IR playbooks that are reflective of Abnormal’s business and threat profile.
  • Assess and document risks through threat modeling, white-boarding exercises, and security reviews with teams.
  • Utilize threat intelligence platforms, open-source intelligence (OSINT) tools, and internal data sources to gather, correlate, and analyze threat indicators.
  • Leverage cyber threat intelligence concepts to enhance detection and response capabilities.

Cloud & Application Security

  • Engage and partner with R&D and Engineering teams to ensure our infrastructure, platform, and products are built with appropriate security considerations
  • Develop and maintain effective monitoring and alerting solutions to proactively identify and respond to emerging threat campaigns or detection anomalies.
  • Understand and be able to relay complex IaC, Cloud, and Application Security information as a subject matter expert.

Must Haves

  • Deep Expertise: At least 15 years of experience in cybersecurity, with a focus on strategic planning, risk management, and incident response.
  • 7+ years experience in leadership in security operations or incident response function.
  • Technical Acumen: Proficiency in various cybersecurity technologies, from network, system, application, and cloud security protocols.
  • Crisis Management: Proven track record in effectively handling cybersecurity incidents and crises, minimizing impact, and ensuring rapid resolution.
  • Collaborative Mindset: Ability to work cross-functionally with other departments such as IT, HR, Legal, and Operations to achieve comprehensive cybersecurity coverage.
  • Adaptability: Quick to adapt to new technologies and methodologies to keep the organization secure in an ever-changing threat landscape.
  • Experienced people leader with a proven track record of building and developing high-performing teams.
  • Strong understanding of application security and cloud security with the ability to effectively communicate cybersecurity risks and recommendations to executives.
  • Understanding and practical experience working NIST SP800-53, NIST SP800-171, CMMC, and ISO 27001.
  • Bachelor’s degree or equivalent military experience. Prefer a degree in information assurance, computer science, information security, or business.

Nice to Have

  • Master of Business Administration, Cybersecurity, or Cybersecurity Law preferred.
  • Professional certifications (CISSP, CISM, CISA, or other security-related) are a plus.
  • Experience leading Security Operations for a SaaS / tech company
  • Experience with highly regulated environments (e.g., Financial, Healthcare, etc.)