VP of Security Operations

Posted · Add Comment
Career Techniques Inc
Published
July 16, 2026
Location
Dallas, TX - Hybrid - 3 days/week in-office
Category
 
Job Type

Description

This role owns five operational domains: Incident Response, Vulnerability Management and Exploits, Threat Intelligence and Operations, Governance, Risk and Compliance (GRC) and Privacy, and Offensive Security. You will set the strategy, build the platforms, and run the day-to-day across all five, translating the CISO’s priorities into domain roadmaps with clear owners, metrics, and outcomes.

This is a builder’s role as much as a leader’s. You will make the tooling and platform decisions that underpin detection, response, and validation; stand up the SOC and detection engineering capability; and establish the operating cadence, service levels, and metrics that let the CISO and the business see exactly how the program is performing. You will build and empower strong domain leads, foster a culture of operational rigor and proactive security thinking, and partner closely with Infrastructure, Legal, and executive leadership to deliver a cohesive and resilient posture.

The ideal candidate brings a rare combination of operational depth and executive presence: someone who has built and run mature security operations functions at scale, understands the unique threat environment of HPC and AI infrastructure, and can represent security posture credibly to clients and board-level stakeholders.

RESPONSIBILITIES

  • Lead, manage, and grow the Security Operations organization across all five domains, ensuring each is well-resourced, has a strong lead, operates to defined service levels, and reports performance through clear metrics.
  • Deliver the SecOps program to the CISO: own the strategy, build plan, platform and tooling investments, and operating budget, and report progress, risk exposure, and program maturity with precision.
  • Own incident response end to end, structured to the NIST SP 800-61r2 lifecycle: preparedness and playbook development, detection engineering and SIEM operations, active response and containment, forensic preservation, and post-incident review with lessons-learned fed back into detections. Drive measurable improvement in mean time to detect and mean time to respond.
  • Run a risk-based vulnerability management and exploits program covering identification, prioritization, and SLA-driven remediation across the full stack, with particular attention to the attack surfaces unique to HPC and AI environments, including firmware, BMC and DRAC, GPU clusters, and CI/CD pipelines. Validate exploitability rather than reporting raw scanner output.
  • Build and mature the threat intelligence and operations function: actionable intelligence from OSINT, ISAC, vendor, and government sources; proactive threat hunting; insider threat and behavioral analytics; and adversary TTP analysis mapped to MITRE ATT&CK to drive defensive priorities.
  • Own the GRC and Privacy program: maintain a living risk register with owned and tracked acceptances, operationalize the company’s control framework and security baselines, run audit and assessment readiness, and embed privacy-by-design. Make decisions that preserve a future path to commercial certification rather than blocking it.
  • Lead the Offensive Security function, including red team operations, penetration testing, purple teaming, and adversarial simulation, and convert findings into closed detection gaps and strengthened controls, measured against ATT&CK technique coverage.
  • Select, deploy, and operate the security operations platform stack (SIEM, SOAR, EDR, threat intel, and vulnerability tooling), building business cases, defining program budgets, and partnering with finance and executive leadership to secure resources.
  • Establish the operating cadence and metrics for the function: service levels, detection coverage, remediation timeliness, and program maturity, using data to drive continuous improvement and demonstrate effectiveness to the CISO.
  • Develop strong domain leads and senior practitioners, fostering a leadership culture defined by accountability, craft, and continuous development.
  • Represent Security Operations in cross-functional forums, client-facing engagements, and regulatory contexts as needed, communicating risk posture and operational maturity to technical and non-technical audiences.

REQUIREMENTS

  • 10+ years of progressive experience in security operations, with at least 4 years in a senior leadership role managing multi-domain or multi-team security organizations.
  • Demonstrated hands-on depth across the security operations domains: incident response, vulnerability management, threat intelligence, GRC, and offensive security or red teaming, with the ability to lead each credibly rather than manage from a distance.
  • Proven experience building and running mature security operations functions in large-scale, complex infrastructure environments; experience with HPC, GPU cluster, IaaS, or AI environments is a strong advantage.
  • Direct experience standing up or substantially maturing a SOC and detection engineering capability, including selecting and operating SIEM, SOAR, and EDR platforms.
  • Working command of incident response practice, ideally structured to NIST SP 800-61r2, and of adversary behavior modeling using MITRE ATT&CK.
  • Strong track record building and scaling high-performing teams, including hiring, developing, and retaining senior practitioners and domain leads.
  • Working knowledge of risk-based and prescriptive frameworks, such as NIST CSF, the CIS Controls and CIS Benchmarks, ISO 27001, and SOC 2, and the judgment to operationalize them pragmatically in a fast-moving environment while preserving a future path to formal certification.
  • Experience leading offensive security programs and translating findings into measurable improvements in detection and defensive posture.
  • Experience driving security investment decisions: building business cases, defining program budgets, selecting and deploying enterprise security tooling, and working with finance and executive stakeholders.
  • Exceptional communication and executive presence, with the ability to distill complex threat and risk information into clear narratives for the CISO, board-level stakeholders, and clients.
  • Collaborative, strategic mindset with a bias for action, able to balance long-term risk and compliance thinking with the operational urgency of a high-growth, high-stakes infrastructure company.
  • Bachelor’s degree in Engineering, Computer Science, or a related field, or equivalent experience.
  • Max. file size: 100 MB.
  • Please complete the math question to prove you are human.

Related Jobs

Director of Vulnerability and Exploits   Dallas, TX - Hybrid - 3 days/week in-office new
July 16, 2026
Incident Response Engineer - Cyber Defense   Dallas, TX - Hybrid - 3 days/week in-office
July 9, 2026
Cyber Defense Engineer - SIEM   Dallas, TX - Hybrid - 3 days/week in-office
July 9, 2026
Manager of Network and Infrastructure Security   Dallas, TX - Hybrid - 3 days/week in-office
June 1, 2026
Director of Incident Response   Dallas, TX - Hybrid - 3 days/week in-office
June 1, 2026