Director, Head of Detection & Response

Job Description

Company: Unisys

Location: Milesburg, US

About The Team What success looks like in this role: Unisys Detection & Response team under Global Security Operations is responsible threat detection and incident response for Unisys. This organization is peer to Attack Surface Management, Identity & Access Security, and Intel & Offensive Security. This team will have services like 24×7 SOC, Investigation, Incident Response, Threat Hunting, Insider Threat etc.

This also includes FSO which manages the clearance processes for federal projects.

What Success Looks Like In This

Role Structure the team with a function/service/capability model. Identify the RACI and key metrics for each service. Increase the talent density within the team through professional development and people management.

Operationalize Security Incident Response

Plan for the organization and integrate to crisis management plan.

Implement Detection Response

Platform with clear program health metrics. Increase the Investigation and IR coverage to 24×7 and build a inhouse team. Reestablish advanced hunting within existing IR team. Lead FSO and manage officers assigned. manage certifications and obligation from agencies.

Key Responsibilities Strategic Leadership – Develop and implement a comprehensive detection and incident response strategy aligned with the organization’s risk tolerance, regulatory requirements, and industry best practices.

Provide strategic direction and vision for the Detection & Incident Response team, setting clear objectives, priorities, and performance metrics.

Collaborate with senior leadership, IT teams, and other stakeholders to integrate cybersecurity incident response to other business processes.

Threat

Detection – Platform Implementation: Working experience of Google SecOps, Cribl, Splunk etc.

Detection

Engineering experience with SOC Prime and similar. UEBA for Insider Threat.

Configuration and Optimization: Oversee the configuration and fine-tuning of the selected platforms to achieve optimal performance in threat detection while minimizing false positives, enhancing the overall effectiveness of the cybersecurity infrastructure.

Integration and Automation: Establish seamless integration between the threat detection platform and existing security tools, such as SIEM and EDR solutions, enabling enhanced visibility and automated response capabilities to rapidly mitigate emerging threats and security incidents.

Incident Response Management

Establish and maintain a robust incident response framework, including incident classification, escalation procedures, communication protocols, and coordination with internal teams and external partners.

Serve as the primary point of contact for all cybersecurity incidents, liaising with relevant stakeholders, including legal, privacy, ethics & compliance, communications, and law enforcement agencies as necessary.

Provide leadership and guidance to the incident response team during high-pressure situations, ensuring a coordinated and effective response effort. Team Development & Training- Recruit, mentor, and develop a high-performing team of detection and incident response professionals, fostering a culture of collaboration, innovation, and continuous learning.

Conduct regular training exercises, tabletop simulations, and knowledge sharing sessions to enhance the team’s skills, preparedness, and resilience in responding to emerging threats and attack scenarios.

You will be successful in this role if you have: You will be successful in this role if you have: Bachelor’s degree in Computer Science, Information Security, or related field (Master’s degree preferred).

15+ years of experience with 8+ in a leadership role within cybersecurity, with a focus on threat detection, response, and management.

Deep technical expertise in cybersecurity tools, technologies, and methodologies, threat intelligence, and forensic analysis.

Strong understanding of regulatory requirements, compliance standards (e.g., GDPR, PCI DSS), and industry frameworks (e.g., NIST Cybersecurity Framework, ISO 27001).

Excellent communication, leadership, and interpersonal skills, with the ability to influence stakeholders at from engineer to senior executives.

Experience of successfully managing complex cybersecurity incidents and leading cross-functional response teams in a fast-paced environment.

US Citizen willing to go through clearance or already have a clearance. This role may require access to export-controlled commodities and technology. Therefore, to conform to U.S. export control regulations, applicant should be eligible for any required authorizations from the U.S.

Government. Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, caste, citizenship, color, disabil

Source: BeBee