Director of Cybersecurity Monitoring & Response
The Director of Cybersecurity Monitoring & Response is responsible for leading the organization’s Security Operations Center (SOC) and Digital Forensics & Incident Response (DFIR) capabilities. This role ensures effective monitoring, detection, analysis, and response to cyber threats while driving continuous improvements in platforms, processes, automation, and team performance to safeguard the organization’s digital assets.
Job Responsibilities
Oversee 24/7 security monitoring operations and ensure timely detection of cyber threats.
Define and manage monitoring strategies, detection rules, and dashboards aligned with threat intelligence and risk posture.
Continuously improve monitoring coverage across endpoints, networks, cloud environments, and applications.
Platform Management
Manage and optimize cybersecurity platforms including SIEM, SOAR, EDR, NDR, IDS/IPS, and threat intelligence tools.
Ensure scalability, availability, and resilience of monitoring platforms.
Drive platform integrations with IT infrastructure, cloud, and business applications.
Establish governance for platform upgrades, tuning, and health checks.
Lead the end-to-end incident response lifecycle: detection, triage, containment, eradication, recovery, and lessons learned.
Establish a digital forensics capability to investigate complex incidents, malware, insider threats, and advanced persistent threats (APTs).
Ensure incident documentation, chain-of-custody procedures, and evidence preservation standards are met.
Conduct post-incident reviews and drive improvements in processes, tools, and training.
Automation & Orchestration
Champion the use of automation (SOAR) to streamline repetitive monitoring and response activities.
Implement automated playbooks for phishing, malware containment, access revocation, and alert triage.
Continuously identify opportunities for process efficiency and reduced response times through orchestration.
Content Management
Oversee the lifecycle of SOC content including use cases, detection rules, correlation logic, dashboards, and reports.
Ensure SOC content is continuously aligned with evolving threats, business priorities, and compliance requirements.
Standardize content governance, versioning, and quality assurance processes.
Lead and mentor a high-performing team of SOC analysts, incident responders, forensic specialists, and engineers.
Collaborate with IT, Risk, Compliance, and Business units to ensure integrated cyber defense strategies.
Report on monitoring and response performance, metrics, and risk posture to executive leadership.
Manage third-party vendors and service providers supporting monitoring and response activities.
Job Qualifications
Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or a related field.
7+ years of experience in cybersecurity with at least 5 years in SOC leadership or DFIR management.
Strong knowledge of cybersecurity monitoring tools (SIEM, SOAR, EDR, IDS/IPS) and incident response methodologies.
Proven experience in building and leading high-performing SOC or incident response teams.
Familiarity with threat intelligence, malware analysis, insider threat detection, and advanced persistent threats (APTs).
Demonstrated experience with automation, orchestration, and playbook development.
Relevant certifications (CISSP, CISM, GCIA, GCIH, GCFA, or equivalent) strongly preferred.
Excellent communication, leadership, and cross-functional collaboration skills.
Seniority level
Director
Employment type
Full-time
Job function
Information Technology
Industries
IT Services and IT Consulting
Director Of • Riyadh, Saudi Arabia