Senior Manager Threat Intelligence and Detection

We are seeking an experienced and visionary Senior Manager of Threat Intelligence and Detection Engineering to lead our proactive defense initiatives. This role involves overseeing the development and refinement of threat detection capabilities, leveraging intelligence to anticipate and mitigate threats, and guiding a team of threat analysts and detection engineers. You will play a critical role in advancing our threat-informed defense strategy and maturing our security operations program.

• Develop and execute the strategic roadmap for threat intelligence, detection engineering, and threat hunting programs across multiple business units.
• Build, lead, and mentor a high-performing team of detection engineers, threat analysts, and hunters.
• Serve as the primary subject matter expert and strategic advisor to executive leadership on evolving threat landscapes, defensive priorities, and organizational risk posture.
• Operationalize threat intelligence by integrating internal and external intel into detection engineering workflows.
• Maintain and evolve threat intelligence sources to inform risk posture and detection priorities.
• Deliver actionable threat assessments and briefings tailored to technical and executive stakeholders.
• Lead the full detection engineering lifecycle including threat modeling, detection logic development, testing with attack simulation frameworks, automated deployment, and continuous tuning based on performance metrics.
• Drive development of advanced behavior-based, anomaly detections, and AI/ML-powered detection systems aligned with MITRE ATT&CK and emerging threat actor TTPs.
• Establish strategic partnerships with red team, SOC, and incident response management to ensure comprehensive detection coverage and proactive visibility gap closure.
• Lead enterprise-wide collaboration with cloud architects, infrastructure leadership, and application development teams to enhance telemetry strategies and ensure scalable detection across complex hybrid and multi-cloud environments.
• Drive strategic contributions to enterprise incident response frameworks, lead tabletop exercises, and oversee purple team program development to continuously test and improve organizational defenses.
• Champion automation initiatives and establish data-driven decision-making frameworks across all threat detection and response operations.
• Define, implement, and report on enterprise-level key performance indicators for detection effectiveness, operational efficiency, false positive optimization, and mean time to detection across the organization.
• Integrate security detection into CI/CD pipelines and support DevSecOps initiatives.
• Manage budgets, vendor relationships, and technology investments for threat intelligence and detection engineering programs.
• Establish and maintain strategic relationships with industry peers, threat intelligence communities, and security vendors.

• Bachelor's Degree in Information Technology, Computer Science, Data Science or related experience required.
• 8+ years in information security with a focus on threat intelligence, detection engineering, or security operations.
• 3-5 years in a leadership or management role with a track record of leading high-performing technical teams.
• Deep expertise in attacker behaviors, threat actor TTPs, campaigns, and threat landscape evolution across multiple industry verticals.
• Extensive experience designing, implementing, and optimizing enterprise-scale detections across multiple SIEMs, EDR/XDR platforms, and cloud-native security tools.
• Strong working knowledge of MITRE ATT&CK, threat modeling, and structured threat intelligence formats.
• Proficiency in Python, PowerShell, and at least one other programming language for detection engineering and automation.
• Experience with detection-as-code practices and version control.
• Knowledge of threat hunting methodologies and hypothesis-driven investigations.
• Comprehensive understanding of NIST Cybersecurity Framework, ISO 27001, SOC 2, and other compliance requirements with implementation experience.
• Hands-on experience in cloud environments and containerized workloads preferred.
• Experience with threat intelligence platforms and CTI frameworks is a plus.
• Advanced knowledge of SOAR platforms and enterprise security orchestration.
• Experience with AI/ML-driven detection systems and automated response orchestration is a plus.
• API development and integration for security tooling experience preferred.
• Container security and Kubernetes threat detection knowledge is a plus.
• Experience with deception technology and honeypot deployment preferred.
• Industry certifications preferred; cloud security certifications are a plus.