Senior Security Operations Manager, Detection Engineering & Incident Response

We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry.

This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us.

THE ROLE

The Senior Manager, Security Operations – Detection Engineering & Incident Response will lead and evolve Pure’s Security Operations (SecOps) function across Detection Engineering, Threat Intelligence, and Incident Response (CIDR). The mission is to transform SecOps into a proactive, intelligence-driven, and outcome-oriented program that measurably reduces enterprise risk and strengthens security posture across cloud, SaaS, infrastructure, and endpoint environments.

This role sits at the intersection of detection, incident response, threat hunting, attack surface management, and platform security. You’ll build and mature a high-signal detection and response system — from telemetry pipelines to actionable alerts — ensuring every detection maps to real attacker behavior and closes meaningful risk paths.

You’ll partner closely with leaders across GRC, Product Security, Infrastructure, IAM, and Engineering to operationalize risk-informed detections, mature IR processes, and drive measurable improvements in security posture.

What You’ll Do

• Lead and mature the Detection Engineering and CIDR functions across threat detection, response workflows, incident triage, and automation
• Build and maintain a comprehensive detection inventory categorized by threat type, log source, MITRE mapping, and detection method
• Drive continuous validation through red team, purple team, and atomic testing
• Own key SecOps metrics such as MTTD, MTTR, and alert quality to improve signal-to-noise ratio and detection confidence
• Oversee ingestion of telemetry (AWS, Azure, SaaS, endpoint, network) into Splunk and SOAR pipelines
• Ensure incident response workflows are automated, repeatable, and outcome-focused
• Lead post-incident reviews and root-cause analyses, tracking corrective actions to closure
• Correlate threat intelligence, detection gaps, and hunt findings into prioritized roadmap updates
• Drive detection-to-remediation loops by partnering with ASM, Infra, IAM, AppSec, and GRC teams
• Produce dashboards that connect technical posture to business risk and ownership metrics
• Lead scenario-based tabletops, detection drills, and incident simulations
  
  

We are primarily an in-office environment and therefore, you will be expected to work from the Santa Clara, CA office in compliance with Pure’s policies, unless you are on PTO, work travel, or other approved leave.

What You Bring

• 10 years in cybersecurity, including 5 years in detection, incident response, or SecOps leadership
• 5 years of people management experience, including direct management of security engineering, detection engineering, or incident response teams, with responsibility for coaching, performance management, and team development.
• Proven experience leading detection engineering and incident response teams at enterprise scale
• Deep expertise with:
• SIEM (Splunk preferred), SOAR (Tines, XSOAR), and EDR (CrowdStrike)
• Cloud telemetry and detection (CloudTrail, GuardDuty, VPC flow)
• Threat modeling, MITRE ATT&CK, and TTP-to-detection lifecycle
• Experience with detection-as-code practices, version control, and CI/CD pipelines
• Hands-on skills validating detections through replay, simulation, and log mining
• Familiarity with frameworks such as CIS Controls, NIST 800-53, and SOC 2
• Ability to translate complex security data into clear, executive-level insights
• Proven cross-team collaboration with Infra, GRC, Product Security, and App teams
• Strong written and verbal communication with an emphasis on clarity and measurable outcomes
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related technical field, or equivalent practical experience
  

Preferred Qualifications

• Experience operating in hybrid cloud and SaaS-heavy environments
• Understanding of attacker behavior, threat intel feeds, and threat hunting workflows
• Familiarity with secrets detection, data exfiltration indicators, and IAM anomaly detection
• Certifications such as CISSP, GCIH, GCIA, OSCP, AWS Security, or equivalent
• Master’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, Business Administration (MBA), or a related field
  
  

Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations.

This role may be eligible for incentive pay and/or equity.

There is no application deadline and we accept applications on an ongoing basis until the job is filled.

The Annual Base Salary Range Is

$225,000—$338,000 USD

What You Can Expect From Us

• Innovation: We celebrate those who think critically, like a challenge, and aspire to be trailblazers.
• Growth: We give you the space and support to grow along with us and to contribute to something meaningful. We have been named Fortune's Best Workplaces in Technology™, Fortune's Best Workplaces in the Bay Area™, and certified as a Great Place to Work®!
• Team: We build each other up and set aside ego for the greater good.
  
  

And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events. Check out purebenefits.com for more information.

Accommodations And Accessibility

Candidates with disabilities may request accommodations for all aspects of our hiring process. For more on this, contact us at TA-Ops@purestorage.com if you’re invited to an interview.

Our Commitment To a Strong And Inclusive Team

We’re forging a future where everyone finds their rightful place and where every voice matters. Where uniqueness isn’t just accepted but embraced. That’s why we are committed to fostering the growth and development of every person, cultivating a sense of community through our Employee Resource Groups and advocating for inclusive leadership.

Everpure is proud to be an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or any other characteristic legally protected by the laws of the jurisdiction in which you are being considered for hire.

Join us and bring your best.

Bring your bold.

Pure and simple.