Sony Interactive Entertainment Global

Director, Detection & Response

United States, Remote Full Time

Why PlayStation?

PlayStation isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation®5, PlayStation®4, PlayStation®VR, PlayStation®Plus, acclaimed PlayStation software titles from PlayStation Studios, and more.

PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.

The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Group Corporation.

The Director of Detection and Response is a senior cybersecurity leader responsible for security monitoring, threat detection, incident response, and threat hunting across the organization. This role oversees the Security Operations Center (SOC) and the Security Incident Response Team (SIRT/DFIR), ensuring 24/7 global coverage to rapidly detect and respond to cyber security incidents. The Director combines deep technical expertise in cybersecurity with strategic leadership skills to protect the company’s systems and data. They will drive the team's strategy, implement protective measures, and continuously improve processes in line with the evolving threat landscape and industry best practices. This position requires close collaboration with other teams, as well as engagement with executive leadership, to communicate security posture and integrate incident response into business operations.

The ideal candidate is hands-on, stays up-to-date on emerging threats, and can effectively balance technical incident management with high-level strategy and team leadership. This role has a global scope, leading distributed teams, and will ensure the team's readiness to detect and respond to incidents across on-premise and cloud environments.

Key Responsibilities

  • Strategic Leadership: Improve and implement a comprehensive detection and incident response strategy aligned with the organization’s risk tolerance, business objectives, and regulatory requirements. Provide clear vision, direction, and priorities for the Detection & Response function, and set performance metrics to measure success.
  • SOC & Incident Response Oversight: Lead 24/7 global operations for continuous monitoring and rapid response to security events. Ensure effective triage, investigation, and containment of incidents, expanding coverage to meet the needs of a complex, growing environment.
  • Incident Commander: Serve as the primary incident commander during major cybersecurity incidents, coordinating cross-functional teams to contain and eradicate threats. Oversee all phases of incident handling – from detection and analysis to containment, remediation, and recovery – and lead post-incident reviews to drive improvements.
  • Threat Detection & Engineering: Drive the development of advanced threat detection capabilities and detection engineering efforts. Oversee the creation of high-fidelity detection logic, use cases, alerts, and automated workflows to quickly identify malicious activities. Evaluate, implement, and tune threat detection platforms and tools (SIEM, EDR, IDS/IPS, XDR) for optimal performance and minimal false positives. Integrate detection systems with automation/SOAR solutions to enable rapid, coordinated response actions.
  • Proactive Threat Hunting: Lead activities to uncover hidden threats in the environment and address gaps in visibility. Work closely with the Cyber Threat Intelligence team to disseminate threat intelligence and inform protective measures. Ensure that hunting findings are fed back into detection content and preventive controls.
  • Security Orchestration & Automation: Champion the use of SOAR and automation to improve efficiency and consistency in response workflows. Leverage scripting, playbooks, and security automation tools to automate repetitive tasks, enrich alerts, and reduce response times, allowing the team to focus on high-value investigations.
  • Architecture & Visibility: Work with security architects and engineers to design and maintain security monitoring architecture that provides comprehensive visibility into networks, systems, applications, and cloud infrastructure. Ensure that logging, alerting, and monitoring configurations meet detection requirements across on-premises and multi-cloud (AWS, Azure, GCP) environments.
  • Policy Compliance & Reporting: Ensure that incident response and security operations processes comply with relevant standards and regulations. Enforce operational security policies and standard operating procedures. Provide regular reports and dashboards on SOC performance, incident metrics, and program maturity to demonstrate value and accountability to executive leadership and auditors.
  • Cross-Functional Collaboration: Collaborate with other Information Security teams, IT and Engineering teams, and business units to strengthen overall security posture. Partner with product and development teams to incorporate security monitoring early in the system development lifecycle. Work with legal, HR and corporate communications as needed.
  • Bug Bounty and Vulnerability Intake: Oversee the organization’s bug bounty program and vulnerability disclosure process. Work with internal teams to validate and remediate reported vulnerabilities, and use insights from the bug bounty to enhance defenses and detection capabilities.
  • Team Leadership and Development: Provide leadership, mentorship, and technical guidance to the SOC and SIRT teams. Mentor and grow a high-performing team of security analysts, incident responders, and engineers. Foster a culture of continuous learning, collaboration, and innovation. Ensure continuous training and skill development for staff to keep pace with evolving threats and technologies. Promote a culture of psychological safety and inclusivity so team members can perform at their best.
  • Continuous Improvement: Stay connected with the evolving threat landscape and emerging cybersecurity best practices. Continuously evaluate and improve processes, tools, and playbooks to enhance the organization’s cyber defense capabilities. Drive post-incident lessons learned into improvements in detection and response. Innovate and bring thought leadership in areas like cloud-native security, AI/ML for security, and resilience planning to keep the program ahead of attackers.

Required Skills and Experience

  • Extensive Security Experience: 10+ years of experience in cybersecurity, with significant focus on security operations, threat detection, and incident response in large-scale or highly targeted environments. At least 5 years in a leadership role managing global or distributed security teams and operations. Proven track record of building and scaling security programs and teams.
  • Technical Expertise: Prior hands-on experience in security operations and incident response is a must. Deep knowledge of cybersecurity tools and technologies across multiple domains – including SIEM, EDR/XDR, network security, endpoint protection, identity and access management, data loss prevention, and forensic analysis. Experience with digital forensics (host and network), malware analysis, and threat analysis procedures.
  • Threat Detection & Engineering: Demonstrated experience with detection engineering – creating detection logic, alerts, and use cases to identify attacker behaviors. Familiarity with developing data-driven detection content and tuning detections for high fidelity. Ability to prioritize and oversee creation of new security detections and automated response playbooks to cover emerging threats.
  • Attacker Mindset & Frameworks: Solid understanding of attacker tactics, techniques, and procedures (TTPs) and how to defend against them. Deep familiarity with attack frameworks such as MITRE ATT&CK and the Lockheed Martin Cyber Kill Chain, and experience mapping defensive controls or detections to those frameworks. Ability to use these frameworks to assess coverage and drive threat-hunting and gap analysis efforts.
  • Cloud Security Knowledge: Extensive experience securing and monitoring cloud environments, especially Amazon Web Services (AWS) in an enterprise setting. Working knowledge of other cloud platforms (Microsoft Azure and Google Cloud Platform (GCP)) and their security tools is expected.
  • Security Orchestration & Automation: Hands-on experience with SOAR tools and automation frameworks to streamline incident response. Familiarity with employing AI/ML or advanced analytics is a plus for improving detection and reducing false positives.
  • Regulatory and Best Practices: Solid understanding of information security principles, policies, and controls. Knowledge of compliance and regulatory requirements and industry standards/frameworks. Able to ensure audit and compliance obligations are met while enabling business objectives.
  • Leadership & Communication: Excellent leadership, communication, and interpersonal skills. Capable of conveying complex security issues in business terms. Good ability to work under stress during crisis situations with a calm and methodical approach. Skilled in developing talent, building collaborative relationships, and fostering a high-performance team culture.
  • Problem-Solving & Analytical Skills: Strong problem-solving and analytical thinking abilities. Adept at quickly analyzing incident data, identifying root causes, and orchestrating effective response actions. Ability to make critical decisions swiftly and confidently during incidents to minimize impact.
  • Up-to-Date Knowledge: Demonstrated commitment to staying ahead of the latest cyber threats, attack techniques, and security technologies. Knowledge of emerging threats in the gaming and tech industry and how to address them.

Education and Certifications

  • Bachelor’s or Master's degree in Computer Science, Information Security, Cybersecurity, or a related field is required (or equivalent combination of education and experience).
  • Relevant professional certifications (e.g., CISSP, CISM, CISA, or GIAC certifications such as GCIA, GCIH, GCFA, GCFR) are highly desirable to demonstrate depth of knowledge. However, skills and experience are weighted more heavily.
  • Ongoing training and education in incident response, digital forensics, cloud security, and related areas is expected, reflecting a dedication to professional growth and keeping skills sharp in the ever-evolving security landscape.


Please refer to our Candidate Privacy Notice for more information about how we process your personal information, and your data protection rights.


At SIE, we consider several factors when setting each role’s base pay range, including the competitive benchmarking data for the market and geographic location. 

Please note that the base pay range may vary in line with our hybrid working policy and individual base pay will be determined based on job-related factors which may include knowledge, skills, experience, and location. 

In addition, this role is eligible for SIE’s top-tier benefits package that includes medical, dental, vision, matching 401(k), paid time off, wellness program and coveted employee discounts for Sony products. This role also may be eligible for a bonus package.

This is a flexible role that can be remote, with varying pay ranges based on geographic location. For example, if you are based out of Seattle, the estimated base pay range for this role is listed below.
$201,100 to $301,700 USD

Equal Opportunity Statement:

Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy, maternity or parental status, trade union membership or membership in any other legally protected category.

We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond. 

PlayStation is a Fair Chance employer and qualified applicants with arrest and conviction records will be considered for employment.