Security Operations Manager

Role Overview

The Security Operations Manager is a hands-on leader responsible for ensuring Apollo’s ability to detect, investigate, respond to, and recover from security incidents effectively and at scale. This role blends strong people leadership, cross-functional collaboration, and deep technical expertise in modern security operations. The Manager is expected to lead by example, remain technically engaged, and actively contribute to investigations and high-severity incidents.

This role operates in a fully remote environment and requires excellent asynchronous communication and collaboration skills.

Key Responsibilities

Operational Leadership & Incident Response

• Own and continuously improve end-to-end Security Operations processes, including detection, investigation, escalation, response, and post-incident activities.
• Act as senior incident leader for high-severity incidents, ensuring timely containment, calm and structured decision-making, and clear stakeholder communication.
• Lead and participate in complex security investigations spanning cloud infrastructure, SaaS platforms, corporate systems, user behavior, and abuse scenarios.
• Ensure high-quality post-incident reviews with clear root cause analysis, actionable remediation, and accountability for follow-through.

Detection, SIEM & Automation Strategy

• Define and evolve SIEM strategy, including log source onboarding, detection use cases, alert tuning, data quality standards, and coverage validation.
• Oversee creation and maintenance of detection logic, correlation rules, investigation playbooks, and response workflows.
• Drive automation and orchestration initiatives to reduce manual effort and accelerate triage and response.
• Champion the use of AI-assisted tools and techniques to expedite investigation, enrichment, decision-making, and response.

People Leadership, Culture & Growth

• Build, lead, and retain a high-performing Security Operations team in a fully remote, distributed environment.
• Foster a culture of trust, psychological safety, operational excellence, and continuous learning.
• Provide clear expectations, regular feedback, and coaching aligned with individual strengths and career aspirations.
• Establish and maintain clear career growth paths, helping engineers develop technical depth, operational ownership, and leadership capabilities.
• Support onboarding, mentorship, documentation, and knowledge-sharing practices to strengthen team resilience and reduce single points of failure.

Cross-Functional Collaboration

• Partner closely with Engineering, IT, Fraud, Legal, People, Support, and Product teams during investigations, incidents, and improvement initiatives.
• Collaborate deeply with Fraud teams on abuse, account compromise, automation misuse, and anomalous behavior investigations.
• Communicate security risk, incident impact, and remediation plans clearly to both technical and non-technical stakeholders.

Metrics, Reporting & Strategy

• Define, track, and improve operational security metrics such as detection quality, investigation effectiveness, response outcomes, and incident trends.
• Translate business risk and platform changes into actionable operational priorities and roadmap initiatives.
• Contribute to the long-term Security Operations strategy for a cloud-native, SaaS-first platform, with GCP as the primary cloud environment.

Required Skills & Experience

(We expect strong candidates to meet most of these requirements; seniority may be calibrated based on demonstrated scope and impact.)

• 7+ years of experience in Security Operations, Incident Response, or Security Engineering.
• 3+ years of people management experience, including hiring, coaching, and performance management, ideally in a remote-first environment.
• Strong hands-on experience with SIEM platforms (experience with Panther is highly valued), detection engineering, log analysis, and security investigations.
• Experience designing and automating security workflows and response processes.
• Experience with cloud-native platforms (GCP preferred; AWS and Azure also relevant) and SaaS applications.
• Proficiency in Python for automation, analysis, and tooling; familiarity with Ruby is a plus.
• Excellent written and verbal communication, leadership, and stakeholder management skills.

Preferred Qualifications

• Experience using AI or ML-assisted security tooling for detection, investigation, or response.
• Familiarity with vulnerability management programs, SLAs, and remediation workflows.
• Relevant certifications such as CISSP, GCIA, GCIH, GCED, or Google Professional Cloud Security Engineer / AWS Security Specialty.