Director Cyber Security Operations
Job Description
Company: ACLU
Location: Washington, US
About the Role
Director, Cyber Security Operations – full‑time, in the Administration & Finance Department of the ACLU’s National office in New York, NY or Washington, DC. Hybrid role with in‑office requirement of two days per week.
Responsibilities
• Lead and mature SOC operations with a focus on high‑fidelity detection, signal‑to‑noise optimization, and measurable detection coverage.
• Own and evolve the detection engineering program, including development of detections mapped to adversary behaviors (e.g., MITRE ATT&CK), continuous tuning, and validation through adversarial testing.
• Establish and lead a proactive threat hunting program focused on identifying unknown threats, attacker dwell time, and control gaps across identity, endpoint, cloud, and SaaS environments.
• Direct incident response and digital forensics efforts, including hands‑on leadership during high‑severity incidents, root cause analysis, and post‑incident improvement.
• Integrate cyber threat intelligence into detection and response workflows, ensuring intelligence is operationalized into actionable detections and hunt hypotheses.
• Develop, test, and continuously improve incident response playbooks, escalation paths, and decision frameworks.
• Lead tabletop exercises and adversary simulation activities to validate detection and response capabilities against realistic threat scenarios.
• Drive operational resilience initiatives, including business impact analysis, recovery planning, and coordination with crisis management stakeholders.
• Partner closely with identity, cloud, and application teams to close detection and response gaps, with a strong focus on identity as the primary attack surface.
• Coordinate with physical security and external incident response partners during complex incidents.
• Build, mentor, and scale a high‑performing security operations team, fostering a culture of curiosity, rigor, and adversarial thinking.
• Report on detection coverage, incident trends, adversary activity, and response effectiveness to senior leadership.
Qualifications
• Significant experience in cyber security operations, detection engineering, threat hunting, or incident response; 10+ years highly preferred.
• Deep experience building and tuning detections across modern environments (endpoint, identity, cloud, SaaS), with an understanding of attacker techniques and evasion methods.
• Proven experience leading and executing complex incident response engagements, including forensics, containment, and recovery.
• Strong background in threat hunting methodologies, hypothesis‑driven investigations, and identifying unknown or emerging threats.
• Experience operationalizing threat intelligence into detections, hunts, and response actions.
• Familiarity with detection frameworks (e.g., MITRE ATT&CK) and measuring detection coverage and effectiveness.
• Ability to lead through ambiguity and make high‑quality decisions during active security incidents.
• Strong communication skills, with the ability to translate technical risk into clear business impact.
• Experience mentoring and developing security practitioners.
• Relevant certifications (GCIA, GCIH, CISSP, GCFA, GNFA) preferred.
• Commitment to mission‑driven security work.
Compensation
The annual salary for this position is $229,096 (Level C2). The salary is based in New York, NY and may be adjusted for other authorized work locations.
Benefits
• Generous paid time‑off policy.
• Health, dental, & vision coverage, parental leave, and gender‑affirming care & fertility treatment.
• 401(k) plan with employer match.
• Annual professional development funds and internal workshops.
EEO & Accessibility Statement
The ACLU strongly encourages applications from all qualified individuals without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, age, or other protected characteristics. The ACLU is committed to providing reasonable accommodation to individuals with disabilities.
Source: JobLeads
