[Hiring] Sr SOC and IR Manager @Crane Company

Role Description

Do you enjoy building and leading high-performing teams while staying close to the work? Are you energized by transforming security operations, modernizing detection and response, driving automation, and partnering across the business to raise readiness? We are looking for a hands-on leader to help shape and run our SOC and incident response program at scale.

Crane is seeking a Senior Manager, Security Operations & Incident Response to lead our Security Operations Center and Incident Response (IR) program. This role helps to define the operating model, people leadership, and continuous improvement of our detection and response capabilities, partnering across Global Information Security, IT, and business teams to deliver security outcomes globally. This position reports to the CISO.

In this role, you will lead our global incident response program, related processes and technologies, and the US and international SOC teams. This is a hands-on leadership role:

• Coach and develop analysts
• Strengthen investigation and response standards
• Evolve our security operations across endpoint, network, cloud, SaaS, and identity telemetry using automation and modern workflows

As a manager with global responsibilities for SOC and IR, you will bring a steady, practical approach under pressure and the ability to lead incident coordination across technical and non-technical stakeholders. You will be comfortable serving as an incident commander, making time-sensitive decisions, setting priorities, and guiding teams through investigation, containment, recovery, and follow-up improvements while communicating clearly with leadership throughout.

This role is responsible for leading our global SOC and the tools, processes, and people that enable effective detection and response. You will set direction for a modern SOC operating model, help mature response playbooks and standard work, and drive improvements in signal quality, analyst experience, and measurable outcomes.

In this capacity, you will lead the delivery of processes and standard work for the global security operations function:

• Detection engineering and tuning
• Playbook/runbook development
• Informed monitoring
• High-quality investigations across endpoint, network, cloud, SaaS, and identity sources

This is a very hands-on position:

• Participate in threat hunting
• Guide deep-dive investigations
• Ensure service levels, operational hygiene, and team outcomes are consistently met

You will direct our use of SIEM, SOAR, and related platforms that power security operations, including integrations with identity, cloud, endpoint, and collaboration ecosystems. You will champion automation and orchestration to streamline triage and response, while thoughtfully adopting automation/AI workflows to accelerate analysis and decision-making with appropriate oversight.

As the ideal candidate, you must have a solid track record of results in successful security incident management and have prior experience in implementing automation to gain efficiencies, reduce errors, and increase capacity of an enterprise incident response program.

This role carries the expectation to be a subject matter expert in security operations and incident response readiness. You will define and lead all phases of preparation, identification, containment, eradication, and recovery, and will influence overall Global Information Security program direction and approach. You will help develop and implement security operations processes, standard work, and policy-aligned procedures, and will be responsible for maintaining operational metrics, KPIs, and executive-ready reporting to measure effectiveness and drive continuous improvement.

You will work closely with the CISO, business leadership, Global InfoSec management, and IT leaders to strengthen incident preparedness and operational excellence. You will partner with Legal, Privacy, HR, and GRC to align response processes, evidence handling, and communications practices, and you will help plan and run exercises to keep teams ready. You will be expected to communicate effectively at all levels of the organization, be detail-oriented, and be focused on outcomes and measurable program goals. You must enjoy continuous improvement and have a genuine passion for security operations.

This is an opportunity to make a visible impact on a global program alongside a team that values curiosity, craftsmanship, and collaboration. If you enjoy building capabilities, mentoring talent, and modernizing how security operations works day to day, you will find meaningful work and the support to keep growing at a strong and growing organization.

Qualifications

• Experience managing, leading, and developing remote/distributed teams with diverse backgrounds and skill levels.
• Demonstrated success designing and running SOC and incident response processes across traditional enterprise environments and modern cloud/SaaS services.
• Strong, current knowledge of security operations tradecraft: alert triage, investigation, containment/recovery coordination, post-incident reviews, and continuous improvement.
• Expertise with security telemetry and analytics: SIEM engineering, log normalization, detection content development, alert tuning, and correlation across endpoint/network/cloud/identity sources.
• Working knowledge of security automation/orchestration (SOAR) and integration patterns (APIs, webhooks, scripting) to reduce toil and improve response consistency.
• Strong fundamentals in Windows and Linux administration, networking, and modern enterprise services; able to go deep when needed and translate technical details for stakeholders.
• Solid understanding of identity and access controls (SSO, MFA, conditional access concepts) and the role of identity telemetry in detection and response.
• Ability to lead high-severity investigations with calm, clarity, and strong judgment; comfortable serving as incident commander and coordinating across teams.
• Excellent written and verbal communication skills, including executive-ready status updates, post-incident reporting, and roadmap/strategy presentations.
• Familiarity with relevant privacy, regulatory, and eDiscovery considerations for incident response (documentation, evidence handling, and reporting workflows).
• Strong project leadership skills with a track record of delivering measurable improvements.
• Flexibility to support incident response needs outside of standard business hours, as required.
• Ability to travel both domestically and internationally (est. no more than 10%).
• Supportive leader: highly motivated, self-directed, collaborative, and perpetually curious.
• Commitment to ongoing security learning and professional development (training and certifications).

Requirements

• Required: 7+ years relevant professional experience in security operations and incident response.
• Required: 3+ years managing or leading others in a security operations/incident response context.
• Preferred: Degree in a related field or equivalent practical experience.
• Preferred: Advanced professional security certifications (e.g., CISSP, CISM, GIAC or similar).
• US Person as defined under EAR PART 772 AND ITAR 120.15.

Company Description

Crane Company is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, sexual orientation, general identity, national origin, disability or veteran status.