Cybersecurity Operations Manager
Job Description
Vaco by Highspring invites experienced cybersecurity leaders to join as a Cybersecurity Operations Manager in Tempe, AZ on a hybrid schedule. The role offers a base salary of USD 140,000 to 160,000 per year, plus bonus potential and a comprehensive benefits package. This hands-on leadership position guides and matures core security operations across the enterprise, including SOC, vulnerability management, endpoint security, DLP, incident response, and security automation. You will mentor the security team while remaining engaged in technical work as needed.
Responsibilities
- Oversee daily SOC operations, ensuring continuous monitoring, efficient alert triage, timely escalation, and streamlined incident response workflows.
- Collaborate with an external MSSP to uphold SLA commitments, improve alert quality, and expedite escalation of critical issues.
- Direct vulnerability management across Rapid7, Defender, and related tools, prioritizing risks, tracking remediation, and reporting to executives.
- Oversee endpoint security initiatives across Intune, Jamf, Defender, and related endpoint controls.
- Advance SIEM and SOAR capabilities, focusing on automation for level 1 responses, alert enrichment, and reusable playbooks.
- Develop and refine incident response processes, including playbooks, simulations, post-incident reviews, and lessons learned.
- Collaborate with IT, GRC, engineering, and business teams to strengthen the organization's security posture.
- Support data loss prevention strategy and monitoring to safeguard sensitive data across SaaS, cloud, and endpoints.
- Use security metrics, scorecards, and framework alignment to communicate program maturity and identify improvement areas.
- Assess the responsible use of AI in security operations, including automating response workflows and protecting AI-enabled systems.
- Mentor security team members while staying engaged in hands-on technical work when required.
- Help define and operationalize security programs that reduce risk while enabling business speed.
Requirements
- Six or more years of experience in cybersecurity, information security operations, incident response, infrastructure, or related technical security roles.
- Proven experience managing or leading SOC operations in a corporate environment or MSSP setting.
- Strong understanding of the end-to-end incident response lifecycle, from alert intake through containment, remediation, and post-incident review.
- Hands-on experience with MDR, EDR, SIEM, SOAR, vulnerability management, and endpoint security tools.
- Experience maturing vulnerability management programs, including risk prioritization, remediation coordination, and reporting.
- Experience partnering with or managing MSSP relationships and holding vendors accountable to performance expectations.
- Strong understanding of security frameworks and compliance considerations such as NIST, CIS Controls, PCI, SOX, and CCPA.
- Ability to lead without authority and collaborate effectively across IT, engineering, GRC, and business teams.
- Experience managing high-pressure incidents and making informed decisions under time-sensitive conditions.
- Understanding of AI concepts and their impact on cybersecurity operations, including AI-enabled threats and secure use of AI tools.
- Bachelor’s degree in a related field, or equivalent additional experience.
Technologies
- Rapid7
- Defender
- Intune
- Jamf
- Workato
- Microsoft Defender
- MDR
- EDR
- SIEM
- SOAR
- AWS
- Azure
- GCP
Benefits
- Bonus potential and other financial incentives
- Comprehensive benefits package