Director / VP of Product – AI-Powered Threat Investigation & Response - Cyber Security Startup - Salary INR 75 L

Overview:

We are seeking a hands-on product leader to drive the strategy, design, and operational delivery of AI-driven threat investigation and response content at platform scale. This role is ideal for a former detection/content engineer or SOC technologist who has transitioned into product leadership and is passionate about building structured, extensible content pipelines that empower AI-first security operations.

You will lead the vision and execution for how signals, detections, analyst workflows, and enrichment data are transformed into reusable and dynamic content powering automated and guided investigations. This role sits at the intersection of AI, SecOps, and cloud security; bridging detection engineering with platform architecture to enable decision-making at scale..

Key Responsibilities

Lead Product Strategy for investigation and response content—driving how AI consumes detections, threat signals, and analyst inputs to power autonomous investigations and remediation workflows.

Build and Scale Content Frameworks that transform detection logic and SOC workflows into reusable, modular structures (e.g., YAML, Sigma, JSON decision graphs) that drive AI logic, enrichment, and automation.

Operationalize Delivery Pipelines to ship new investigation playbooks, enrichment paths, and guided workflows continuously to customers via CI/CD: ensuring traceability, versioning, and runtime adaptability.

Bridge Engineering & Threat Teams to define how detection signals from tools like Snowflake, Chronicle, Microsoft Sentinel, Splunk, and others are ingested, contextualized, and converted into AI-consumable knowledge.

Align AI/ML with Content Strategy: Partner with ML engineers to codify decision trees, feedback loops, and human-in-the-loop workflows into the investigation pipeline; ensuring models adapt to real-world SOC behavior and outcomes.

Ensure Broad Coverage across cloud platforms (AWS, Azure, GCP) and adjacent categories (IAM, EDR/XDR, Firewalls) by standardizing how telemetry from each system maps into the investigation and response ecosystem.

Establish Feedback Mechanisms so analyst actions, false positives, response success, and escalations directly improve both AI models and future content updates.

Measure Content Effectiveness across real-world deployments—tracking usage, detection-to-response latency, model accuracy impact, and SOC productivity.

Requirements / Qualifications:

8 - 12 years of experience in Product Management or hybrid roles involving Detection Engineering, Security Content, or Security Automation, with a progression into senior product leadership.

Prior hands-on experience working with or authoring detection and response content using formats like Sigma, KQL, YAML, JSON.

Strong familiarity with SIEMs, data lakes, and security data pipelines (e.g., Snowflake, Chronicle, ELK, Splunk, MS Sentinel).

Deep understanding of SOC workflows, cloud telemetry, and threat investigation lifecycle; from detection and enrichment to triage and response.

Experience operationalizing content delivery through Git-based workflows, CI/CD pipelines, and scalable deployment mechanisms in multi-tenant environments.

Proven ability to lead cross-functional teams (engineering, ML, threat research, customer success) to deliver on aggressive timelines with clarity and precision.

Nice to Have:

Experience working on AI/ML-based decision engines or agentic security systems.

Familiarity with SOAR, XDR, or custom security automation platforms.

Background working with MSSPs or content-centric multi-tenant platforms.

Ability to write or review security automation scripts (Python, Bash, etc.).

Relevant certifications (CISSP, GCTI, GCIA) or experience leading IR/SOC teams.

Connect to me at rajeshwari.vh@careerxperts.com for more details.