Senior Security Operations Manager, Detection Engineering & Incident Response

Pure Storage Inc

Santa Clara, CA

JOB DETAILS
SKILLS
Amazon Web Services (AWS), Applications Security, Automation, CISSP - Certified Information Systems Security Professional, Cloud Computing, Continuous Deployment/Delivery, Continuous Integration, Corrective Action, Establish Priorities, GCIA - GIAC Certified Intrusion Analyst, GCIH - GIAC Certified Incident Handler, Hunting, Hybrid Cloud, IR (Infrared), Incident Management, Incident Response, Intel Product Family, Internet Security, Leadership, Metrics, Microsoft Windows Azure, Operations Management, Presentation/Verbal Skills, Process Improvement, Reporting Dashboards, Risk, Risk Analysis, Risk Management, Root Cause Analysis, Security Information and Event Management (SIEM), Security Infrastructure, Signal-to-noise Ratio (SNR), Simulation, Software as a Service (SaaS), Source Code/Configuration Management (SCM), Splunk, Telemetry, Threat Modeling, U.S. National Institute of Standards and Technology (NIST), Writing Skills
LOCATION
Santa Clara, CA
POSTED
30+ days ago

THE ROLE

The Senior Manager, Security Operations - Detection Engineering & Incident Response will lead and evolve Pure's Security Operations (SecOps) function across Detection Engineering, Threat Intelligence, and Incident Response (CIDR). The mission is to transform SecOps into a proactive, intelligence-driven, and outcome-oriented program that measurably reduces enterprise risk and strengthens security posture across cloud, SaaS, infrastructure, and endpoint environments.

This role sits at the intersection of detection, incident response, threat hunting, attack surface management, and platform security. You'll build and mature a high-signal detection and response system - from telemetry pipelines to actionable alerts - ensuring every detection maps to real attacker behavior and closes meaningful risk paths.

You'll partner closely with leaders across GRC, Product Security, Infrastructure, IAM, and Engineering to operationalize risk-informed detections, mature IR processes, and drive measurable improvements in security posture.

WHAT YOU'LL DO

  • Lead and mature the Detection Engineering and CIDR functions across threat detection, response workflows, incident triage, and automation.
  • Build and maintain a comprehensive detection inventory categorized by threat type, log source, MITRE mapping, and detection method.
  • Drive continuous validation through red team, purple team, and atomic testing.
  • Own key SecOps metrics such as MTTD, MTTR, and alert quality to improve signal-to-noise ratio and detection confidence.
  • Oversee ingestion of telemetry (AWS, Azure, SaaS, endpoint, network) into Splunk and SOAR pipelines.
  • Ensure incident response workflows are automated, repeatable, and outcome-focused.
  • Lead post-incident reviews and root-cause analyses, tracking corrective actions to closure.
  • Correlate threat intelligence, detection gaps, and hunt findings into prioritized roadmap updates.
  • Drive detection-to-remediation loops by partnering with ASM, Infra, IAM, AppSec, and GRC teams.
  • Produce dashboards that connect technical posture to business risk and ownership metrics.
  • Lead scenario-based tabletops, detection drills, and incident simulations.

We are primarily an in-office environment and therefore you will be expected to work from the Santa Clara, CA office in compliance with Pure's policies, unless you are on PTO, work travel, or other approved leave.

WHAT YOU BRING

  • 10+ years in cybersecurity, including 5+ years in detection, incident response, or SecOps leadership.
  • Proven experience leading detection engineering and incident response teams at enterprise scale.
  • Deep expertise with:
      • SIEM (Splunk preferred), SOAR (Tines, XSOAR), and EDR (CrowdStrike).
      • Cloud telemetry and detection (CloudTrail, GuardDuty, VPC flow).
      • Threat modeling, MITRE ATT&CK, and TTP-to-detection lifecycle.
  • Experience with detection-as-code practices, version control, and CI/CD pipelines.
  • Hands-on skills validating detections through replay, simulation, and log mining.
  • Familiarity with frameworks such as CIS Controls, NIST 800-53, and SOC 2.
  • Ability to translate complex security data into clear, executive-level insights.
  • Proven cross-team collaboration with Infra, GRC, Product Security, and App teams.
  • Strong written and verbal communication with an emphasis on clarity and measurable outcomes.

Preferred Qualifications

  • Experience operating in hybrid cloud and SaaS-heavy environments.
  • Understanding of attacker behavior, threat intel feeds, and threat hunting workflows.
  • Familiarity with secrets detection, data exfiltration indicators, and IAM anomaly detection.
  • Certifications such as CISSP, GCIH, GCIA, OSCP, AWS Security, or equivalent.

About the Company

Pure Storage Inc