Director - CyberSecurity Operations

Job Description

Director of Cybersecurity Operations (Vertex Inc.)

Position summary

Vertex is seeking a Director of Cybersecurity Operations to lead the end-to-end operational defense of the enterprise against modern, AI-enabled threats. This leader will build and continuously improve a resilient, intelligence-driven cyber operations program across Security Operations, Incident Response & Recovery, Threat Management & Testing, and Analytics & AI Governance, while ensuring operational excellence across a multi-cloud environment.

Cybersecurity's operating model is being reshaped by AI: adversaries move faster, automate reconnaissance and exploitation, and use synthetic content to bypass traditional controls. In parallel, organizations are rapidly deploying AI systems (LLMs, ML models, APIs, data pipelines) that expand the attack surface and introduce new risk categories (prompt injection, model/data poisoning, model extraction, data leakage, deepfakes). This role provides the leadership required to operationalize AI-driven analytics and automation, enforce AI governance guardrails, and maintain resilience, compliance, and trust at scale.

Reporting relationship

Reports to the CISO and partners closely with Cloud Engineering, Infrastructure/IT, Product & Application Security, Risk & Compliance, Legal/Privacy, and Business Continuity.

What you'll do

1) Security Operations (AI-augmented defense & detection engineering)

• Lead a modern SecOps program delivering continuous monitoring, alert triage, investigation, and response coordination across a multi-cloud environment.

• Own the strategy and execution for SIEM/SOAR, endpoint and identity telemetry, cloud security signals, and centralized log management (collection, normalization, retention, and integrity).

• Build and run a detection engineering function: develop, tune, and maintain detections mapped to attacker behaviors (e.g., MITRE ATT&CK), validate coverage, and reduce false positives.

• Operationalize AI-assisted triage and correlation (e.g., anomaly detection, alert enrichment, case summarization) with measurable improvements in fidelity and analyst efficiency.

• Establish guardrails for SecOps automation (human-in-the-loop controls, auditability, testing, rollback procedures, and change governance).

2) Incident Response & Recovery (AI-enabled IR & forensics)

• Own the incident response lifecycle: readiness, identification, containment, eradication, recovery, and post-incident lessons learned.

• Drive the development and maintenance of playbooks (including cloud-native, AI, and identity-centric scenarios) and ensure consistent execution through training and exercises.

• Operationalize digital forensics and evidence handling capabilities (chain of custody, investigation workflows, endpoint/cloud log forensics), including emerging needs such as detection of synthetic artifacts and AI-enabled fraud.

• Partner with Business Continuity/DR teams to validate recovery strategies and ensure response operations support resiliency objectives.

• Plan and execute tabletop exercises that simulate high-speed, AI-driven adversaries and validate decision-making, communications, and escalation paths.

3) Threat Management & Testing (AI-enhanced intel, hunting, and purple teaming)

• Build a threat management program that connects threat intelligence → detection engineering → hunting → testing → remediation.

• Lead threat intelligence intake and prioritization efforts focused on Vertex's business risks, including AI-enabled attacker tradecraft and cloud attack paths.

• Run proactive threat hunting using behavior-based hypotheses, analytics, and cross-domain telemetry to uncover low-signal, multi-stage activity.

• Oversee enterprise penetration testing and adversary emulation, including assessments of cloud control planes, identities, APIs, and AI/LLM attack surfaces where applicable.

• Establish a purple teaming cadence to continuously validate detection and response effectiveness, improving readiness through measurable outcomes.

4) Analytics & AI governance (AI/security analytics and guardrails)

• Create a security analytics strategy that uses AI/ML and advanced correlation to improve detection fidelity, accelerate investigations, and forecast operational risk.

• Partner with data, engineering, and governance stakeholders to ensure telemetry and labeling are fit for analytics and model-driven detection.

• Enforce AI governance alignment for security operations: policy, controls, and monitoring for enterprise AI systems (model risk considerations, access controls, data handling, prompt/input logging where appropriate, and adversarial testing expectations).

• Ensure AI-enabled security automation is validated, explainable where necessary, auditable, and compliant, never blindly trusted.

Program leadership & operating model

• Set the strategy and roadmap for cyber operations, maintaining a high-performing Security Operations Function.

• Define and report operational KPIs (e.g., MTTD/MTTR, containment time, detection coverage, false-positive rate, automation effectiveness, exercise outcomes).

• Establish vendor and service-provider governance (including MSSP/MDR where used), SLAs, and quality controls.

• Communicate clearly with executives and stakeholders during incidents and program reviews, translating technical risk into business impact.

Required qualifications

• 10+ years in cybersecurity with significant leadership experience in SecOps/SOC, incident response, and detection/response engineering.

• Proven success operating security programs in multi-cloud environments and hybrid enterprise architectures.

• Deep knowledge of SIEM/SOAR operations, detection engineering, log/telemetry pipelines, endpoint/identity/cloud security telemetry, and incident command.

• Demonstrated ability to operationalize AI-driven security analytics and automation with strong governance, testing, and auditability.

• Strong familiarity with incident response and forensics practices (e.g., NIST/industry-aligned IR lifecycles), evidence handling, and post-incident improvement.

• Excellent leadership, hiring, coaching, and cross-functional influence; ability to drive outcomes across engineering, IT, and business stakeholders.

Preferred qualifications

• Experience building or maturing threat intelligence, threat hunting, penetration testing, and purple teaming programs.

• Hands-on understanding of AI/ML and LLM risk domains (prompt injection, data/model poisoning, model extraction, sensitive data leakage, deepfake-enabled social engineering) and practical mitigations.

• Experience in regulated environments and working with audit/compliance teams (e.g., SOC 2/ISO 27001/SOX/privacy obligations) in an operational security context.

• Relevant certifications (one or more): CISSP, CISM, GIAC (e.g., GCIH/GDAT/GCFA), AWS/Azure security certifications, or equivalent.

Pay Transparency Statement:

US Base Salary Range: $157,900.00 - $205,400.00

Base pay offered to new hires may vary based upon factors including relevant industry and job-related skills and experience, geographic location, and business needs.* The range displayed does not encompass the full potential of the role, which allows for further growth and career progression.

In addition, as a part of our total compensation package, this role may be eligible for the Vertex Bonus Plan (VOB), a role-specific sales commission/bonus, and/or equity grants.

Learn more about Life at Vertex and connect with your recruiter for more details regarding Vertex's compensation and benefit programs.

*In no case will your pay fall below applicable local minimum wage requirements.