
Leader – Security Operations and Incident Response

Us-Ca-Santa Ana | lead
Other | Security Operations

Overview

Job Posting Title: Leader – Security Operations and Incident Response
Location: On-Site - Santa Ana, California
Compensation: Starting at $150,000/year+ D.O.E

*Actual compensation may vary from posting based on geographic location, work experience, education, and/or skill level.


Responsibilities


· Lead and oversee daily operations of the Security Operations Center (SOC), ensuring timely and accurate detection, triage, and response to cybersecurity threats.

· Direct the management and optimization of security monitoring technologies (SIEM, EDR, IDS/IPS, NDR, DLP, and cloud monitoring).

· Define, maintain, and govern SOC processes, playbooks, and escalation procedures.

· Collaborate with IT, DevOps, engineering, network, and cloud teams to advance enterprise-wide security monitoring and visibility.

· Track, measure, and communicate SOC operational metrics, threat trends, and risk reduction to senior leadership.

· Leverage SOAR to automate repetitive tasks, standardize incident-response workflows, and free security teams to focus on higher-value, complex threats.

· Map SIEM detections, correlation rules, and behavioral analytics to MITRE ATT&CK, Cyber Kill Chain, and other threat-modeling frameworks to ensure comprehensive coverage and structured response.

· Lead detection engineering efforts by building high-fidelity alerts, tuning correlation logic, and aligning detection use cases to adversary TTPs, threat intelligence, and organizational risk priorities.

 

· Serve as incident commander, leading enterprise-wide containment, eradication, and recovery during critical cybersecurity incidents.

· Oversee development, testing, and enhancement of the incident response plan, including tabletop exercises, simulations, and red/blue team engagements.

· Direct forensic investigations, malware analysis, threat hunting operations, and root-cause analysis activities.

· Provide executive communication and status updates during cyber incidents, ensuring clarity, transparency, and effective crisis management.

· Ensure incidents are documented, lessons learned are captured, and improvements are incorporated back into people, process, and technology.

 

· Drive the strategic maturity of security operations and incident response programs aligned with NIST CSF, MITRE ATT&CK, CIS Controls, ISO, and other frameworks.

· Ensure SOC and IR practices comply with financial services regulatory requirements (GLBA, PCI DSS, FFIEC, NYDFS, HIPAA, SOX).

· Mentor, develop, and coach SOC analysts, incident responders, and engineers to build a high-performing and continuously improving organization.

· Evaluate and recommend emerging technologies, security tools, and operational enhancements to strengthen the cyber defense roadmap.

· Act as a trusted advisor to executive leadership on operational risk, cyber resilience, and incident readiness.

Requirements


· 10+ years of progressive experience in cybersecurity operations, SOC leadership, or incident response roles.

· 5+ years of leadership or management experience overseeing SOC, IR, or cyber defense teams.

· Demonstrated success in building, scaling, and maturing security operations programs.

· Advanced expertise with SIEM, SOAR, EDR, NDR, IDS/IPS, forensic tools, and threat analysis methodologies.

· Deep understanding of attacker tactics, threat intelligence, and the MITRE ATT&CK framework.

· Experience leading enterprise-scale incident response efforts.

· Excellent executive communication, briefing, and cross-functional leadership skills.

· Preferred certifications: CISSP, CISM, GIAC, CCSP, OSCP, or equivalent.

 

· Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related discipline.

· Extensive experience in security operations, incident response, and cybersecurity leadership.

· Certifications such as CISSP, CCSP, CISM, GIAC, OSCP/OSCE, TOGAF, CASP+, or equivalent strongly preferred.

· Experience in the financial services or mortgage industry is a plus.

 

· Reports To: Director or Senior Director, Cybersecurity Services

· Works closely with: CISO Office, IT leadership, risk management, and compliance teams

 

Must be able to verify identity and employment eligibility to work in the U.S.

 

This job profile is not intended to be an exhaustive list of duties and responsibilities. Additional responsibilities may be assigned as needed.

 

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. Must be able to lift up to ten pounds. Primary functions require sufficient physical ability and mobility to work in an office setting; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a keyboard; and to verbally communicate to exchange information.

 

See in the normal visual range with or without correction.

 

Hear in the normal audio range with or without correction.

 

Pay Transparency Disclosure: If based in New American Funding’s offices, this role has the annual base salary range stated below.

Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.

 

New American Funding offers a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave, mental health & wellness benefits, and generous PTO. New American Funding also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. New American Funding’s compensation and benefits are subject to change and may be modified in the future.

 

[EOE/M/F/D/V. Drug-free workplace.]


Location & Eligibility

Where is the job: Us-Ca-Santa Ana, on-site at the office
Who can apply: Same as job location

Listing Details

Posted: May 15, 2024
First seen: May 6, 2026
Last seen: May 15, 2026
