Security Operations Manager

• Operational Leadership & Incident Response • Own and continuously improve end-to-end Security Operations processes, including detection, investigation, escalation, response, and post-incident activities. • Act as senior incident leader for high-severity incidents, ensuring timely containment, calm and structured decision-making, and clear stakeholder communication. • Lead and participate in complex security investigations spanning cloud infrastructure, SaaS platforms, corporate systems, user behavior, and abuse scenarios. • Ensure high-quality post-incident reviews with clear root cause analysis, actionable remediation, and accountability for follow-through. • Detection, SIEM & Automation Strategy • Define and evolve SIEM strategy, including log source onboarding, detection use cases, alert tuning, data quality standards, and coverage validation. • Oversee creation and maintenance of detection logic, correlation rules, investigation playbooks, and response workflows. • Drive automation and orchestration initiatives to reduce manual effort and accelerate triage and response. • Champion the use of AI-assisted tools and techniques to expedite investigation, enrichment, decision-making, and response. • AI-assisted tools and techniques • People Leadership, Culture & Growth • Build, lead, and retain a high-performing Security Operations team in a fully remote, distributed environment. • Foster a culture of trust, psychological safety, operational excellence, and continuous learning. • Provide clear expectations, regular feedback, and coaching aligned with individual strengths and career aspirations. • Establish and maintain clear career growth paths, helping engineers develop technical depth, operational ownership, and leadership capabilities. • Support onboarding, mentorship, documentation, and knowledge-sharing practices to strengthen team resilience and reduce single points of failure. • Cross-Functional Collaboration • Partner closely with Engineering, IT, Fraud, Legal, People, Support, and Product teams during investigations, incidents, and improvement initiatives. • Collaborate deeply with Fraud teams on abuse, account compromise, automation misuse, and anomalous behavior investigations. • Communicate security risk, incident impact, and remediation plans clearly to both technical and non-technical stakeholders. • Metrics, Reporting & Strategy • Define, track, and improve operational security metrics such as detection quality, investigation effectiveness, response outcomes, and incident trends. • Translate business risk and platform changes into actionable operational priorities and roadmap initiatives. • Contribute to the long-term Security Operations strategy for a cloud-native, SaaS-first platform, with GCP as the primary cloud environment. • cloud-native, SaaS-first platform • all for one • bold ideas and courageous action • If you’re looking for a place where your work matters, where you can push boundaries, and where your career can thrive—Apollo is the place for you. • Learn more here!