We are seeking a highly experienced and strategic Security Engineering and Operations Manager to lead and optimize our cloud security monitoring, incident response, and operational practices within our Google Cloud Platform (GCP) environment. This role is crucial for ensuring the continuous effectiveness of our security controls and maintaining a strong security posture.The ideal candidate will possess a deep understanding of security best practices, operational methodologies, and compliance frameworks (especially SOC 2). While not primarily a hands-on technical role, you will leverage your strong technical acumen to guide security engineers, drive operational improvements, enhance threat awareness, and translate complex security data into actionable insights through effective dashboarding and reporting. You will be responsible for managing the lifecycle of security operations, fostering a culture of proactive security, and ensuring our operations align with Ford Credit's business objectives and regulatory requirements
Responsibilities
- Lead and manage day-to-day security operations, including security monitoring, incident response, vulnerability management, and threat intelligence processes.
- Develop, implement, and continuously refine security operations strategies and best practices to enhance the efficiency and effectiveness of our security posture in GCP.
- Oversee the lifecycle of security incidents, from detection and analysis to containment, eradication, recovery, and post-incident review.
- Drive the integration of threat intelligence into security monitoring and incident response workflows to improve detection and prevention capabilities.
- Implement and manage best practices for security logging, event correlation, and alert generation within the GCP ecosystem and integrated security platforms.
- Oversee the selection, implementation, and optimization of security operations tools, including SIEMs (e.g., Google Chronicle, Splunk), EDR, IDS/IPS, WAFs, and vulnerability scanners.
- Ensure the effective utilization of GCP-native security services such as Security Command Center, Cloud Logging, Cloud Monitoring, Cloud Armor, and IDS/IPS solutions for operational visibility and threat detection.
- Collaborate with security engineers to ensure security tools are properly configured, maintained, and integrated into operational workflows.
- Ensure all security operations and monitoring activities adhere to relevant regulatory and compliance frameworks, with a strong focus on SOC 2 requirements.
- Develop and maintain documentation for security operations processes, procedures, and controls to support audit requirements.
- Work closely with internal and external auditors during compliance assessments, providing evidence and explanations related to security operations.
- Drive continuous improvement in security operations to meet evolving compliance standards.
- Foster a culture of proactive threat awareness within the security operations team and across relevant stakeholders.
- Design, build, and maintain comprehensive security dashboards, metrics, and reports to provide clear visibility into security posture, operational performance, and key risk indicators for various audiences (technical teams to executive leadership).
- Communicate effectively on security incidents, threats, and operational status to stakeholders, ensuring timely and accurate information dissemination.
- Provide leadership, mentorship, and guidance to security engineers and analysts, fostering their professional growth and technical capabilities.
- Collaborate extensively with cross-functional teams (e.g., development, infrastructure, compliance, risk management) to ensure security operations are aligned with broader organizational goals.
- Manage vendor relationships for security tools and services relevant to security operations.
Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related technical field, or equivalent practical experience.
- 8+ years of progressive experience in Information Security, with at least 3+ years in a leadership or managerial role focused on Security Operations, SOC management, or Security Engineering management.
- Demonstrated experience in implementing and managing security monitoring and incident response programs.
- Strong knowledge of security operations best practices, processes, and frameworks (e.g., NIST, ISO 27001).
- In-depth understanding and practical experience with SOC 2 compliance requirements and audit processes.
- Experience with cloud security operations in GCP, including services like Security Command Center, Cloud Logging, Cloud Monitoring, Chronicle, Cloud Armor, and Cloud IDS/IPS.
- Hands-on experience with security tools and technologies such as SIEMs, Endpoint Detection and Response (EDR), Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), and vulnerability scanners.
- Proven ability to design and implement security dashboards and reporting mechanisms to provide actionable insights.
- Solid understanding of threat detection methodologies, MITRE ATT&CK framework, and common attack vectors.
- Knowledge of network protocols, operating system internals, and security monitoring techniques.
- Excellent communication, interpersonal, and leadership skills, with the ability to effectively manage teams, influence stakeholders, and present complex information clearly to diverse audiences.
- Strong troubleshooting and problem-solving skills, with an analytical approach to security challenges.
Preferred Qualification:
- Relevant certifications such as CISSP, CISM, GCIH, CCSP, or GCP Professional Cloud Security Engineer.
- Experience with Security Orchestration, Automation, and Response (SOAR) platforms.
- Experience managing a Security Operations Center (SOC) or similar operational security team.
- Knowledge of data lake concepts and technologies for security data aggregation and analysis.
