The Director of Security Operations is an established cybersecurity leader responsible for strategic oversight, operational excellence, and continuous maturity of the SOC, ensuring 24/7 monitoring, detection, and response to cyber threats. This role leads multidisciplinary teams across security operations, threat intelligence, incident response, and engineering, aligning SOC activities with enterprise risk, business objectives, and regulatory requirements.
The Director will develop and execute SOC strategy, enhance detection and response capabilities, manage internal staff and MSSP partners, and ensure measurable improvements through KPIs such as MTTD, MTTR, and threat detection efficacy.
JOB DUTIES
Strategic Leadership & Governance
Develop and execute an enterprise SOC strategy aligned with corporate risk, security architecture, and business objectives.
Oversee SOC governance including policies, processes, runbooks, and incident response playbooks.
Define SOC goals, KPIs, SLAs, success metrics, and continuous improvement roadmaps.
Provide briefings and actionable insights to the CISO, executive leadership, and the board on SOC posture, threat trends, and incident impact.
Develop, standardize, and maintain core security governance documentation, including the Information Security Program, Incident Response Plan, and Security Policies and Procedures.
Operational Excellence
Lead 24/7 SOC operations ensuring high-quality monitoring, detection, analysis, threat hunting, and incident response.
Oversee escalations for anomalous activities, vulnerabilities, and significant cyber events; ensure proper triage and coordinated response.
Ensure protection and detection capabilities leverage modern analytics, automation, engineering, and industry-accepted cybersecurity architecture practices.
Identify, categorize, and report SOC performance trends; continuously optimize processes to improve detection fidelity and reduce overall risk.
Team Leadership & Workforce Development
Lead, mentor, and develop SOC managers, engineers, analysts, and threat intelligence staff; build a high-performing and resilient SOC culture.
Define staffing models, career pathways, training programs, and competency expectations.
Maintain strong hiring, coaching, and retention practices to address talent shortages and burnout risks.
Technology, Tools & Engineering
Oversee enterprise security monitoring, automation, endpoint, identity, network, and cloud detection capabilities.
Partner with architecture and engineering teams to tune detection rules, prevention signatures, and correlation logic.
Manage SOC technology roadmap and recommend upgrades, emerging solutions, or automation enhancements.
Incident Response & Threat Management
Direct cross-functional incident response, ensuring rapid mitigation, root-cause analysis, and post-incident reporting.
Lead proactive threat hunting and ensure timely consumption of threat intelligence to anticipate and mitigate emerging risks.
Ensure SOC integrates with enterprise crisis management, forensics, and business resilience functions.
Vendor, MSSP & Stakeholder Management
Manage relationships with MDR, MSSP partners and security technology vendors; ensure high-quality service delivery and contract compliance.
Coordinate with IT, cloud teams, legal, privacy, compliance, and business units during detection and response activities.
Collaborate with Legal, Privacy, and Compliance teams to ensure SOC processes meet regulatory and data privacy requirements and provide documentation supporting security governance programs.
YOU MUST HAVE
10+ years of progressive experience in security operations, cyber defense, or threat management, with at least 5+ years in SOC leadership.
Proven hands-on technical background in:
Firewalls, IDS/IPS
Endpoint protection/EDR
Email security
Network security
Incident response and digital investigations
Optimizing detection logic, behavioral analytics, correlation rules, and automated response workflows
Strong understanding of enterprise infrastructure: networking, storage, servers, cloud, identity, and logging technologies.
Demonstrated ability to manage 24/7 operations and high-pressure incident scenarios.
Effective communication skills with the ability to translate complex threats into clear, executive-level language.
WE VALUE
CISSP, CISM, GCIA, GCIH, CEH, or equivalent.
Experience working in hybrid/multi-cloud environments and with modern cloud-native detection technologies.
Experience optimizing SOC performance via automation, threat intelligence integration, KPI monitoring, and continuous improvement frameworks.
Familiarity with MITRE ATT&CK, NIST CSF, ISO 27001, and SANS SOC maturity models.
Strong leadership, decision-making, and crisis-management skills.
Deep understanding of cybersecurity principles, threat actors, attack lifecycles, cryptographic concepts, and vulnerability management.
Ability to maintain confidentiality and handle sensitive information with professionalism.
Demonstrated commitment to innovation, operational excellence, and measurable security outcomes.
WHAT'S IN IT FOR YOU
Join a team that truly values work-life integration and balance where your well-being comes first.
Grow your career while diving into cutting-edge technologies and continuous learning opportunities.
Help shape innovative IoT and control solutions that influence the everyday lives of millions.
Channel your curiosity and passion for discovery while exploring new possibilities and bringing forward bold use cases that help us pioneer the future.
Resideo Technologies has announced its intention to spin off ADI Global Distribution and establish it as a separate, publicly traded company. Under this plan, ADI will continue its role as a leading global wholesale distributor serving commercial and residential markets, while Resideo will retain its manufacturing and product-solutions business. Upon separation, both companies will operate independently to better serve their respective markets and customers. The spin-off is currently targeted for completion in the second half of 2026, subject to customary conditions.
Resideo is a $6.76 billion global manufacturer, developer, and distributor of technology-driven sensing and control solutions that help homeowners and businesses stay connected and in control of their comfort, security, energy use, and smart living. We focus on the professional channel, serving over 100,000 contractors, installers, dealers, and integrators across the HVAC, security, fire, electrical, and home comfort markets. Our products are found in more than 150 million residential and commercial spaces worldwide, with tens of millions of new devices sold annually. Trusted brands like Honeywell Home, First Alert, and Resideo power connected living for over 12.8 million customers through our Products & Solutions segment. Our ADI | Snap One segment spans 200+ stocking locations in 17 countries, offering a catalog of over 500,000 products from more than 1,000 manufacturers. With a global team of more than 14,000 employees, we offer the opportunity to make a real impact in a fast-growing, purpose-driven industry. Learn more at http://www.resideo.com/.
At Resideo, we bring together diverse individuals to build the future of homes. Resideo is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status. For more information on applicable U.S. equal employment regulations, refer to the https://www.resideo.com/us/en/-/media/Resideo/Files/Corporate/Resideo%20%20-%20Recruitment%20Privacy%20Notice.pdfrv=6d871e71bfa24982b181c92fda232b7a. If you require a reasonable accommodation to apply for a job, please use the Contact Us form for assistance.