What are the responsibilities and job description for the Senior Manager, Cybersecurity Operations position at Rocket EMS?
Senior Manager, Cybersecurity Operations (Hands-On SecOps)

Location: Santa Clara, CA (Onsite)
Employment Type: Full-time
Eligibility: U.S. Persons only (no visa sponsorship)

Rocket EMS is seeking a hands-on Senior Manager, Cybersecurity Operations, to lead and mature our enterprise security operations program. This role owns the technical direction and execution of cybersecurity operations, including SIEM and SOAR engineering, detection and response, email threat defense, and cloud, network, and endpoint security across a hybrid, Azure-centric environment. The role reports to the CIO & Head of Cybersecurity.

This is a technical leadership role, not a GRC, compliance, or new-grad position. You will lead experienced cybersecurity engineers and partner closely with a Managed SOC (MSOC) to deliver 24x7 monitoring, automation-driven response, and continuous improvement of security operations.

What You'll Own

Cybersecurity Operations, SIEM & SOAR
- Own and operate enterprise cybersecurity operations across on-prem, cloud, and hybrid environments.
- Lead Microsoft Sentinel SIEM engineering, including advanced KQL query development, analytics rules, incident workflows, and dashboards.
- Design and maintain SOAR automation and playbooks to accelerate investigation and response.
- Improve detection quality, reduce alert fatigue, and optimize MTTR/MTTD.
- Oversee endpoint, network, identity, email, and cloud security.
- Act as the senior technical escalation point for complex alerts and investigations.

Email Security & User Threat Defense
- Own operational defense against phishing, business email compromise, malicious attachments, AI-generated attacks, and OAuth-based attacks.
- Define and optimize user-reported email workflows and automated remediation actions.
- Lead response to email-borne account takeover and social-engineering incidents.

Incident Response & Threat Management
- Own and continuously improve incident response plans, playbooks, and operational readiness.
- Lead investigations involving ransomware, insider threats, and targeted attacks.
- Coordinate response with MSOC partners, IT, Cloud, and Engineering teams.
- Conduct post-incident reviews and drive corrective actions.
- Lead threat hunting and detection coverage mapping using the MITRE ATT&CK framework.

Network, Endpoint & Vulnerability Security
- Lead CrowdStrike Falcon operations, including detection, investigation, and response.
- Own Palo Alto Networks NGFW security, including firewall policy management, IPS/IDS, and threat prevention.
- Own the vulnerability management lifecycle from discovery through remediation.
- Drive patch automation, validation, and remediation SLAs with IT and Cloud teams.

Cloud & Identity Security Engineering
- Ensure secure configurations and architecture across Azure, Entra ID, and Microsoft 365.
- Define and enforce identity security, conditional access, and privileged access controls.
- Evaluate, integrate, and optimize security tooling and platform integrations.
- Support application and cloud-native security initiatives.

Technical Leadership & On-Call Operations
- Lead and mentor experienced cybersecurity engineers through technical guidance and career development.
- Set technical direction, review designs, and provide hands-on leadership during incidents.
- Own the global cybersecurity on-call rotation and escalation model.
- Serve as the escalation point for high-severity incidents and coordinate response across teams.
- Build a culture of ownership, accountability, and operational excellence.

Metrics, Automation & Reporting
- Define and report operational cybersecurity KPIs and executive dashboards.
- Drive automation using SOAR, PowerShell, Python, and KQL.
- Maintain documentation including SOPs, incident playbooks, and security architecture baselines.

Required Qualifications

Note: Only candidates with proven hands-on technical expertise in advanced SecOps operations should apply. This role requires active engagement in SIEM/SOAR engineering, incident response, cloud and endpoint security, and threat detection.

- 8–12 years of experience in cybersecurity operations or security engineering.
- 3–5 years of experience leading SecOps or cybersecurity engineering teams.
- Hands-on expertise with Microsoft Sentinel, including advanced KQL query development.
- Hands-on experience with CrowdStrike Falcon (detection, investigation, response).
- Hands-on experience securing Palo Alto Networks NGFW, including firewall policy and threat prevention.
- Strong hands-on experience with SIEM and SOAR platforms.
- Deep experience leading incident response for ransomware, insider threats, and targeted attacks.
- Strong experience securing hybrid, Azure-centric environments.
- Proficiency in PowerShell, Python, and KQL for automation.
- Experience owning on-call rotations and escalation responsibilities.
- Experience working with managed SOC partners.
- Strong communication skills and the ability to lead during high-severity incidents.

Preferred Qualifications
- Experience with CrowdStrike Falcon MDR and Microsoft Defender (Endpoint, Identity, M365).
- Experience operating enterprise email security and phishing defense platforms.
- Familiarity with MITRE ATT&CK, Zero Trust architecture, and modern cloud security design.
- Experience in regulated or high-assurance environments (manufacturing, aerospace, ITAR).
- Experience supporting or operating in a CMMC Level 2–aligned environment.
- CISSP or equivalent hands-on security leadership experience preferred, not required.
- Experience building or maturing a cybersecurity operations program.

Who Will Succeed in This Role
- You are a deeply technical SecOps leader who still writes KQL queries and reviews firewall rules.
- You are comfortable being on-call and leading high-severity incidents.
- You value automation, detection quality, and operational rigor.
- You want ownership and impact, not a compliance-only role.
- You enjoy building resilient, real-world security operations.

Join Rocket EMS as a hands-on Cybersecurity Operations leader reporting directly to the CIO and Head of Cybersecurity. This is your chance to own enterprise security operations end-to-end, lead advanced incident response, architect cutting-edge SIEM, SOAR, cloud, endpoint, and email security, and influence security strategy at the highest level, all while making a tangible, high-visibility impact on a mission-critical organization.

Salary: $114,000 - $171,000