Manager, Cyber Threat Operations

At GAF, we cover more than buildings. We cover each other. No matter what role, tenure, or track, under this roof you are empowered to be there for your teammates, your customers, and especially your community. Under this roof, we don’t back down from hard work– we support one another in pursuit of something bigger. We define the future while leading the present. And under this roof, we own our opportunities. Becoming the market leader only happens when everyone feels they have the opportunity, and the support, to thrive. We are GAF. And under this roof, we protect what matters most.

We are seeking a highly motivated and technically proficient Manager of Cyber Threat Operations to lead a team of cybersecurity experts. This is a role for a hands-on leader who is passionate about diving into the technical details while also mentoring and guiding a team responsible for protecting our organization. You will be at the forefront of our defense, leading critical services including threat intelligence, threat hunting, incident response, and purple teaming. You are the ideal candidate if you thrive in high-stakes environments, enjoy both strategic leadership and hands-on-keyboard analysis, and are driven to build and develop a world-class cybersecurity team.
Essential Duties

• Leadership & Strategy:
  • Lead and Mentor: Manage a global team of security analysts and engineers, fostering a culture of technical excellence, continuous learning, and collaboration. Provide regular coaching, performance feedback, and career development guidance.
  • Strategic Direction: Develop and execute the roadmap for cyber threat intelligence, hunting, incident response, and purple teaming services to align with business objectives and the evolving threat landscape.
  • Stakeholder Communication: Effectively communicate complex technical findings, incident statuses, and strategic recommendations to both technical and executive audiences.
  • Process Improvement: Drive the continuous improvement of security operations playbooks, procedures, and team capabilities

• Hands-On Technical Execution:
  • Cyber Incident Response: Act as a senior incident responder during major security events, providing technical guidance and hands-on support for containment, eradication, and recovery. Perform analysis on compromised systems. Create and test incident response plans.
  • Cyber Threat Hunting: Lead and participate in proactive, hypothesis-driven threat hunts across our enterprise networks and cloud environments using EDR, SIEM, and other security data sources. Develop novel hunting techniques and analytics.
  • Cyber Threat Intelligence (CTI): Oversee the CTI lifecycle, from collection and analysis to dissemination. Personally analyze and contextualize intelligence from various sources to inform defensive actions and hunting missions.
  • Purple Teaming: Plan, coordinate, and participate in purple team exercises, working collaboratively to test, measure, and improve our security controls and detection capabilities.

Qualifications Required

Applicants currently residing in the following states will be considered: AK, AZ, CA, CO, CT, ID, IL, IN, KS, KY, MA, ME, MI, MN, MT, ND, NE, NJ, NM, NY, OR, RI, TX, UT, VT, WI, WV, HI, SD, WY

• Bachelor’s Degree Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience

• 8+ years of experience in cybersecurity with at least 5 years in a hands-on technical role focused on one or more of the following: Incident Response (IR), Threat Hunting, or Cyber Threat Intelligence (CTI).

• 2+ years of experience in a leadership capacity.

• Deep, hands-on experience with core security technologies such as SIEM, EDR, and Network Security Monitoring tools.

• Proven experience leading the response to significant cybersecurity incidents (e.g., ransomware, APT intrusions).

• Strong understanding of the modern threat landscape, attacker TTPs (Tactics, Techniques, and Procedures), and cybersecurity frameworks like MITRE ATT&CK and the Cyber Kill Chain.

• Excellent communication skills, with the ability to translate complex technical concepts for non-technical stakeholders.

Qualifications Preferred

• Master’s degree  preferred 

• Advanced industry certifications such as GCIH, GCFA, GCFE, GREM, GNFA, OSCP, or similar.

• Proficiency in scripting or programming for automation and analysis (e.g., Python, PowerShell, KQL).

• Experience conducting digital forensics and memory analysis on Windows, Linux, and macOS systems.

• Experience designing and executing formal purple team exercises.

• Experience working in a large, global, and geographically distributed organization.

Base salary and/or rate of pay ranges listed are exclusive of fringe benefits and potential bonuses. Individual compensation offers will be determined based on a variety of factors, including but not limited to geographic location, relevant candidate experience and skill, education, and/or qualifications.

Base Salary Range: $153,000-$195,500

How We Protect What Matters Most:1. We offer a wide range of health insurance options that include medical, dental, and vision for you and your family. 2. Our Family-Building benefits support the many different journeys to fertility and parenthood. 3. Our robust 401K plan includes an employer match contribution with your pre-tax and/or Roth contributions. 4. Other exciting programs and perks are available to help employees achieve work-life balance, including (but not limited to) a wellness program, free financial coaching, a referral program, and product rebates when purchased for an employee’s primary residence. 5. Professional growth and development are very important to us! We offer internal training programs and courses, as well as a generous tuition reimbursement program. 6. We're committed to fostering a culture that reflects our values to connect, empower, evolve, and inspire. We offer many opportunities for employees to connect with one another, including through our Employee Resource Groups who focus on education and allyship for all of our employees.

GAF complies with federal, state, and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR Services at 833-HR-XPERT.

We believe our employees are our greatest resource. We offer competitive salary, benefits, 401k, and vacation packages for all full time permanent positions. We are proud to be an equal opportunity workplace and GAF, Standard Logistics, SGI, and Siplast are proud to be affirmative action employers. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. If you have a disability or special need that requires accommodation, please let us know. If applying for positions in the U.S., must be eligible to work in the U.S. without need for employer sponsored visa (work permit).