[Remote] Manager, Defensive Cyber Operations
Note: This is a remote position open to candidates in the USA. Blackbaud is a company that powers social impact through purpose-driven technology and responsible AI. They are seeking a Manager, Defensive Cyber Operations to lead a small team focused on enhancing detection, automation, and incident response capabilities within their security operations center.
Responsibilities
- Manage, mentor, and grow a small team of security engineers and analysts focused on detection, response, and automation
- Act as the primary technical escalation point for high‑severity incidents; lead investigations and response decision‑making
- Set and reinforce quality standards for investigations, detections, automation, documentation, and on‑call readiness
- Evolve and refine agentic SOC workflows that improve triage speed, consistency, and decision quality through automated enrichment, correlation, and recommended or automated response actions
- Iterate on existing SOC workflows, converting repeatable analyst effort into safe, reliable automation with clear guardrails, validation, and auditability
- Define and track operational metrics such as detection coverage, alert fidelity, automation success rates, and MTTD/MTTR improvements
- Own detection engineering outcomes end‑to‑end: alert logic, correlation rules, anomaly thresholds, tuning, and continuous improvement
- Mature a detection‑as‑engineering operating model, including requirements, testing, rollout, post‑deployment measurement, and documentation
- Design, iterate on, and maintain SOAR playbooks for alert enrichment, containment, remediation, and case management
- Enhance custom automation, integrations, and enrichment logic to reduce manual analyst effort and improve response consistency
- Ensure automation remains resilient, production‑grade, well‑documented, and operationally safe at scale
- Mature an existing breach & attack simulation capability to continuously validate detection and response effectiveness
- Translate BAS findings into prioritized detection, automation, and response improvements on a repeatable cadence
- Advance insider threat detection and response capabilities, including use‑case refinement, signal quality, investigation workflows, and playbooks
- Balance speed, precision, and appropriate controls while improving investigative consistency
Skills
- 5+ years experience leading security operations, detection engineering, incident response, and/or security engineering teams, with direct ownership of operational outcomes
- Strong hands‑on background in intrusion analysis using SIEM/log analytics, packet captures, and investigation tooling
- Proven experience maturing SOAR automation and/or custom tooling to drive repeatable response actions
- Strong detection engineering fundamentals, including alert fidelity, correlation, and continuous tuning
- Experience operating in cloud‑first environments, with hands‑on security detection or response exposure in AWS and Azure
- Comfort operating as both technical leader and people manager in on‑call, real‑time security environments
- Experience iterating on AI‑assisted or agentic SOC workflows with measurable operational impact
- Strong scripting experience (e.g., Python) for automation, integrations, and enrichment logic
- Experience with breach and attack simulation, purple team exercises, or continuous control validation programs
- Detection and response experience across AWS and Azure, including cloud-native logs, identity signals, and workload telemetry
- Working knowledge of adversary tradecraft and defensive frameworks (e.g., MITRE ATT&CK, NIST‑aligned approaches)
- Security+, CEH, GSEC, CISSP, GCIA, GCIH, GSOC (Equivalent or comparable security engineering, detection, or incident response certifications are welcome.)
Benefits
- Medical, dental, and vision insurance
- Remote-flexible workforce
- Wellness Programs
- 401(k) program with employer match
- Flexible paid time off
- Generous Parental Leave
- Donations for Doers
- Pet insurance, legal and identity protection
- Tuition reimbursement program