[Hiring] Senior Manager, Security Operations @Semrush

Role Description

Incident Response Ownership

• Own and continuously improve the Security Incident Response process end-to-end.
• Act as Incident Commander for high-severity security incidents.
• Serve as Security Lead in cross-functional incidents with a security impact.
• Ensure clear coordination, communication, and stakeholder alignment during incidents.
• Own post-incident reviews, including root cause analysis, action item definition, and tracking to completion.
• Maintain and evolve incident documentation standards, runbooks governance, and response playbooks oversight.
• Ensure appropriate escalation handling for high-severity incidents outside business hours on a best-effort basis.

Security Monitoring & Detection Oversight

• Own the Security Monitoring process, ensuring alert quality, signal-to-noise balance, and operational efficiency.
• Oversee Detection Engineering as a managed process, including prioritization, quality control, and alignment with threat landscape.
• Ensure effective integration of Threat Intelligence into detection and response workflows.
• Own Log Management from an operational perspective, including logging requirements, coverage, ingestion health, and data quality oversight.
• Coordinate response to logging-related incidents affecting monitoring capabilities.

Metrics & Operational Accountability

• Own the SOC operational metrics framework.
• Be accountable for key performance indicators including:
• Alert response times (MTTA)
• Mean Time to Contain and incident lifecycle efficiency
• Incident SLO adherence
• Alert quality and false positive reduction
• Monitoring coverage and logging health indicators
• Drive metric-based prioritization and improvements across SOC processes.
• Provide structured reporting to leadership on SOC performance and risks.

Team Leadership & People Management

• Lead a lean SOC team composed of Analysts and a Security Data Engineer.
• Conduct performance reviews and regular one-to-ones.
• Own individual development plans and learning roadmaps for team members.
• Manage hiring, onboarding, staffing, and workload planning.
• Ensure sustainable coverage model and operational resilience.
• Conduct tabletop exercises and ensure team readiness for high-severity events.
• Foster a culture of accountability, continuous improvement, and operational discipline.

Operational Roadmap & Process Ownership

• Own the SOC operational roadmap and backlog.
• Prioritize initiatives based on risk, impact, and available resources.
• Manage operational trade-offs in a resource-constrained environment.
• Collaborate with internal stakeholders across Engineering, Product, and Corporate functions.
• Participate in vendor relationship oversight within the SOC technology stack.
• Support external audits such as SOC 2 and PCI DSS from an operational perspective, including process explanation and evidence coordination.

Qualifications

• Strong experience in Security Operations and Incident Response management.
• Demonstrated experience coordinating high-severity security incidents.
• Solid understanding of Security Monitoring, Detection Engineering, and Log Management processes.
• Deep familiarity with SIEM platforms and security monitoring ecosystems.
• Strong understanding of alert lifecycle management and signal optimization.
• Experience working with threat intelligence integrations.
• Proven ability to operate in metric-driven operational environments.
• Experience interacting with auditors and supporting compliance processes such as SOC 2 or PCI DSS.
• Ability to manage processes end-to-end in a lean operational setting.

Benefits

• Unlimited PTO
• Hobby & team building budget allowance
• Employee Support Program
• Loss of family member financial aid
• Employee Resource Groups