Incident Response Manager (Security Operations Center)

Canada·VancouverFull-timemid

SecurityOtherManager

2 views0 saves0 applied

Apply Now

Quick Summary

Overview

About Match Group Match Group (NASDAQ: MTCH) is a leading provider of dating products across the globe, operating a portfolio of brands including Tinder, Hinge, Match, OkCupid, Pairs, Meetic,

Technical Tools

SecurityOtherManager

Match Group (NASDAQ: MTCH) is a leading provider of dating products across the globe, operating a portfolio of brands including Tinder, Hinge, Match, OkCupid, Pairs, Meetic, and more. With hundreds of millions of users worldwide generating billions of interactions daily, our scale demands world-class security operations.

The MG Security Engineering organization provides unified security services across all Match Group brands. The Monitoring, Incident Response & SOC team is responsible for real-time threat detection, investigation, and response across the full portfolio — operating 24/7 to ensure security alerts are effectively triaged and responded to, minimizing the impact of potential threats.

As the Manager, IR / SOC, you will lead the integrated team responsible for Detection Engineering, Security Operations Center (SOC), and Incident Response (IR) across Match Group. Reporting to the Sr. Director of Security Engineering, you will drive the strategic vision of maximizing rapid and accurate threat response capabilities by integrating these three core functions and leveraging AI-driven innovation.

You will own the detection lifecycle end-to-end — from signal engineering and alert tuning through triage, investigation, and incident resolution — while building toward an AI-augmented SOC model that reduces noise, accelerates response, and scales across a global portfolio.

Lead and develop a high-performing team of SOC analysts, detection engineers, and incident responders operating across multiple time zones with 24/7 coverage

Play a key role in developing the detection engineering framework, contributing to detections-as-code (DaC) via GitOps/CI/CD pipelines for consistency and automated deployment

Drive AI Agentic SOC adoption — evaluate, select, and implement AI-driven triage and investigation tooling to maximize SOC efficiency, reduce false positives, and accelerate initial response speed

Manage the full incident lifecycle — from detection through containment, eradication, recovery, and lessons learned — partnering with Legal, Communications, Privacy, and Engineering teams

Build and refine detection content across the SIEM platform, integrating log sources across all MG brands (Tinder, Hinge, Match, E&E, HPCNT, Eureka, and New Bets)

Establish and track SOC metrics and SLAs, creating dashboards to visualize performance, alert fidelity, and response effectiveness

Coordinate and execute IR tabletop exercises (technical and management-level) across brands to validate readiness and improve playbooks

Partner with the Red Team to validate detection capabilities through adversary simulation and assumed-compromise testing

Collaborate with Platform Security, InfraSec, and AppSec teams to identify and close detection gaps across cloud-native and hybrid environments (AWS, GCP), datacenter infrastructure, endpoints (CrowdStrike), identity (Okta), SaaS, and application layers

Integrate threat intelligence into detection and response workflows to anticipate and proactively defend against emerging threats

Use automation to improve detection and response times and mitigate incident impact

5+ years of experience in security operations, incident response, detection engineering, or threat hunting, with 2+ years in a team leadership or management role

Proven experience building and operating a modern SOC in cloud-native and hybrid environments (AWS, GCP) and datacenter infrastructure

Hands-on experience with SIEM platforms and SOAR tools — including detection-as-code methodologies

Strong understanding of AI/ML applications in security operations — agentic SOC, automated triage, and intelligent alert enrichment

Experience managing the full incident lifecycle across complex, multi-brand or multi-tenant environments

Deep knowledge of attacker TTPs (MITRE ATT&CK), endpoint and network forensics, and threat hunting techniques

Experience with cloud security monitoring (AWS CloudTrail, GuardDuty, Security Hub, CloudWatch; GCP Security Command Center), datacenter security, and container orchestration security (Kubernetes)

Familiarity with identity and access security monitoring (Okta, SSO, MFA events)

Experience coordinating with external incident response teams, law enforcement, and cross-functional stakeholders during security events

Polished verbal and written communication skills — ability to communicate clearly during high-pressure incidents and deliver thorough post-incident reports to technical and executive audiences

Relevant certifications are a plus: GCIH, GCFA, GCIA, GSOM, CISSP, or equivalent

Experience with Python-based detections and log analysis in modern cloud-native SIEM platforms

Background in the consumer internet/dating industry or other high-scale B2C platforms

Familiarity with Cloudflare (WAF, Bot Management), CrowdStrike, and SaaS security monitoring (Obsidian or similar)

Experience building or leading a Blue Team volunteer program or cross-functional security response team