Security Engineering and Operations Manager

Job Description

We are seeking a highly experienced and strategic Security Engineering and Operations Manager to lead and optimize our cloud security monitoring, incident response, and operational practices within our Google Cloud Platform (GCP) environment. This role is crucial for ensuring the continuous effectiveness of our security controls and maintaining a strong security posture.

The ideal candidate will possess a deep understanding of security best practices, operational methodologies, and compliance frameworks (especially SOC 2). While not primarily a hands-on technical role, you will leverage your strong technical acumen to guide security engineers, drive operational improvements, enhance threat awareness, and translate complex security data into actionable insights through effective dashboarding and reporting. You will be responsible for managing the lifecycle of security operations, fostering a culture of proactive security, and ensuring our operations align with Ford Credit's business objectives and regulatory requirements

Responsibilities

• Lead and manage day-to-day security operations, including security monitoring, incident response, vulnerability management, and threat intelligence processes.
• Develop, implement, and continuously refine security operations strategies and best practices to enhance the efficiency and effectiveness of our security posture in GCP.
• Oversee the lifecycle of security incidents, from detection and analysis to containment, eradication, recovery, and post-incident review.
• Drive the integration of threat intelligence into security monitoring and incident response workflows to improve detection and prevention capabilities.
• Implement and manage best practices for security logging, event correlation, and alert generation within the GCP ecosystem and integrated security platforms.
• Oversee the selection, implementation, and optimization of security operations tools, including SIEMs (e.g., Google Chronicle, Splunk), EDR, IDS / IPS, WAFs, and vulnerability scanners.
• Ensure the effective utilization of GCP-native security services such as Security Command Center, Cloud Logging, Cloud Monitoring, Cloud Armor, and IDS / IPS solutions for operational visibility and threat detection.
• Collaborate with security engineers to ensure security tools are properly configured, maintained, and integrated into operational workflows.
• Ensure all security operations and monitoring activities adhere to relevant regulatory and compliance frameworks, with a strong focus on SOC 2 requirements.
• Develop and maintain documentation for security operations processes, procedures, and controls to support audit requirements.
• Work closely with internal and external auditors during compliance assessments, providing evidence and explanations related to security operations.
• Drive continuous improvement in security operations to meet evolving compliance standards.
• Foster a culture of proactive threat awareness within the security operations team and across relevant stakeholders.
• Design, build, and maintain comprehensive security dashboards, metrics, and reports to provide clear visibility into security posture, operational performance, and key risk indicators for various audiences (technical teams to executive leadership).
• Communicate effectively on security incidents, threats, and operational status to stakeholders, ensuring timely and accurate information dissemination.
• Provide leadership, mentorship, and guidance to security engineers and analysts, fostering their professional growth and technical capabilities.
• Collaborate extensively with cross-functional teams (e.g., development, infrastructure, compliance, risk management) to ensure security operations are aligned with broader organizational goals.
• Manage vendor relationships for security tools and services relevant to security operations.

Qualifications

Preferred Qualification :

Skills Required

Security Monitoring, Vulnerability Management, Iso 27001, Incident Response, Threat Intelligence, nist