Location: San Antonio, Texas, USA

Ready to make an impact? Arctic Wolf is looking for a Manager, Security Operations to join our pack.

Arctic Wolf, the leader in security operations, is a fast-growing company in an exciting and fast-growing industry—Cybersecurity. How fast are we growing? Well, Arctic Wolf ranks #25 on the Deloitte Fast Technology 500 for North America in 2019!  We have doubled headcount, customers, and revenue for five years running. 

We are also cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds and ideas to make our teams even stronger. In fact, we are considered among the 2020 Best Places to Work by bizjournals.com.  

At Arctic Wolf, we believe in corporate responsibility. Our offices across North America participate in volunteer programs throughout their communities, and we earned distinction from TravelWise for our efforts in promoting sustainable transportation. 

About the Role: 

The Manager of Security Operations is responsible for hiring and training all team SOC Triage Security Engineers and Security Analysts. The team delivers 24x7x365 detection, response, and customer engagement for our Managed Detection & Managed Risk service. This leader will own processes, SLA metrics and reporting, execution of the processes, measuring leading indicators of SLA attainment issues (along with immediate action to curb any SLA misses), and trending of all.  This is in addition to performance management and development to the individual contributors and Team Leaders within the organization. The Security Operations Manager is responsible for effective communication between the Concierge Organization, Customers and Partners, Research and Development, and the Customer Success and Product Management organization.

The Manager of Security Operations is responsible for a functional process and the performance of the iSOC.  This may take the form of Incident Triage, Ticket Triage, or any other functional role that is required to deliver exceptional value to customers.  This team member will partner with Product Management to drive enhancements and evolution of the function they own and improvements within the platform that the team uses.

The Triage Engineers and Security Analysts are responsible for investigation and incident response capabilities for all customers.  The Manager of Security Operations is capable to lead the team through the process and execute effectively when customer breaches require immediate investigation.

This role reports into the Director of the Security Operations and will have Team Leads reporting directly into them and/or technical individual contributors.  Development of Team Leads as an extension of the day-to-day operations and execution of the Triage function will be paramount.

This role will require occasional travel between our Security Operations Centres as team members and peers are split across our various locations.


  • Operate the world’s leading 24x7 Security Operations Center. While this role is considered business hours, the support for the team; which may take form in after hours from time to time is expected.
  • Be a subject matter expert on event monitoring, triage, and response capabilities.
  • Lead daily operations for a dedicated team of Technical Security Engineers performing managed Detection & Response services.
  • Manage a 10+ member team of Security Analysts and Triage Engineers who are accountable for the execution of detection, response, and customer requests. The team members vary from 2 years to 25+ years experience.
  • Develop, enhance, and operationalize processes to better execute customer expectations.
  • Develop, measure, analyze, and maintain the internal and external service metrics for Service Operation, providing timely reports to leadership teams.
  • Leverage metrics to make better informed decisions on how to improve the capability and functionality of the organization.
  • Drive people management responsibilities for their organization
  • Provide escalation support for both customer management challenges, security incidents, and ticket triage functions.
  • Lead, coordinate, and train others on effective management of security incidents and operational responses for customers.
  • Lead post-incident analysis and documentation to ensure accurate root causes of incidents are identified, appropriate preventive actions are realized and tracked, and reduce likelihood of future cybersecurity events across all customers.
  • Effectively work with the R&D organization to improve detection capabilities proactively, from best practices, and lessons learned from post-mortems of customer experiences and feedback.
  • Ensure that the organization stays current with new and emerging threats, security risks, and potential impacts to the business
  • Seek innovative approaches to security incident response programs
  • Assist with various audit of internal compliance to cybersecurity policies
  • Interact with senior organizational leaders as required to facilitate the effective handling of incidents or delivery of triage
  • Communicate exceptionally well with business and technical audiences
  • Work with Product Management, R&D and the larger Security Services teams to ensure the Triage service has all tool and metrics to effectively deliver the triage service to customers.
  • Ability to lead remote team members, as not all team members will be in the local office

Required Skills and Experience: 

  • A degree in Cybersecurity or equivalent and 5+ years experience working and managing within a SOC or support or customer facing function. 
  • 2+ years experience leading teams
  • Passion for developing high performance teams
  • Cybersecurity practical experience in the identified function (incident or ticket triage)
  • Passion for Cybersecurity. Continually learning new attack vectors, new threats, and security framework expertise. 
  • Strong and demonstrated ability to define effective security processes. Ability to identify opportunities in current processes and take action to roll out necessary changes. 
  • Knowledge of industry adopted frameworks and methodologies (MITRE ATT&CK, CIS, NIST, ISO, PCI-DSS, etc)
  • BS or Diploma in Computer Science, 4 years in a security role, or university degree in a Computer Security program desirable
  • Ability to lead a technology-focused and driven SecOps team, to balance and prioritize across a fast-paced, growth-oriented global environment and to manage the team’s coverage and growth.
  • Proven ability to rapidly analyze complex technical security threats and incident information to be able to communicate business-impacting risk to non-technical audiences.
  • Ability to work independently, manage projects, and exercise judgement in reaching solutions.
  • Demonstrated success in delivering analysis via a creative approach with the mindset of an adversary.
  • Strong verbal and written communication required. Must be able to articulate written information to customers.
  • You will be required to attend training, seminars, conferences, and webinars relevant to job role to enhance current knowledge base and skill set in order to improve job performance and efficiency. 

Employment Requirements:

Each successful candidate will be required to pass a criminal background check and an employment verification as a condition of employment.

Security Requirements:

  • Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AWN business information.
  • Other industry certifications such as Bachelors or Masters Degrees in IT/Computer Science, Cybersecurity, CISSP, etc
  • Background checks are required for this position

Working at Arctic Wolf: 

Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities all employees bring to the organization. And we appreciate that—by protecting people’s and organizations’ sensitive data— we get to work in an industry that is fundamental to the greater good.  

All wolves receive compelling compensation and benefits packages, including:  

  • Equity for all employees
  • Paid parental leave
  • Training and career development programs 

If you're excited about this role, but do not meet all of the qualifications listed above, we encourage you to apply anyway. We review all applications and still may consider you the right person for the role or have another open position where you’re the perfect fit. 

Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law.

Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment that ensures equal access and participation for people with disabilities. Please let us know if you require any accommodations by emailing recruiting@arcticwolf.com


Apply for this Job

* Required


Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Arctic Wolf’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.