Corporate Security Operations Manager

About Onebrief

Onebrief is collaboration and AI-powered workflow software designed specifically for military staffs. By transforming this work, Onebrief makes the staff as a whole superhuman - meaning faster, smarter, and more efficient.

We take ownership, seek excellence, and play to win with the seriousness and camaraderie of an Olympic team. Onebrief operates as an all-remote company, though many of our employees work alongside our customers at military commands around the world.

Founded in 2019 by a group of experienced planners, today, Onebrief’s team spans veterans from all forces and global organizations, and technologists from leading-edge software companies. We’ve raised $320m+ from top-tier investors, including Battery Ventures, General Catalyst, Sapphire Ventures, Insight Partners, and Human Capital, and today, Onebrief is valued at $2.15B. With this continued growth, Onebrief is able to make an impact where it matters most.

About the Role

We're hiring a Corporate Security Operations Manager to lead our Corporate Security Operations team. This is a strategic role focused on the security posture of the Corporate IT environment.

You'll report to our Director of Corporate IT & Security and work closely with the Corporate Security Engineering team and GRC team. This role blends hands-on security operations leadership with program-level ownership of detection strategy, monitoring quality, and operational maturity—balancing day-to-day oversight of analysts and threat hunters with long-term improvements in tooling, automation, and measurable risk reduction. You'll help ensure the corporate environment and commercial Onebrief infrastructure are continuously monitored with clarity and purpose, strengthen detection coverage and signal quality, support incident investigations with disciplined operational execution, and provide leadership with clear, defensible insight into our security posture.

We’re looking for someone who is a steady, experienced security operations leader who can build and run a high-performing corporate monitoring and detection function—someone with strong technical fluency, sound operational judgment, and the ability to support incidents effectively. You know how to improve signal quality, drive measurable detection coverage, and ensure your team delivers consistent, reliable monitoring that leadership and compliance stakeholders can trust.

About You

You are an experienced security operations leader who understands that effective monitoring is about clarity, consistency, and measurable outcomes—not just alert volume. You have led analysts or detection engineers before and know how to build accountability without creating friction. You are comfortable improving processes, tuning detections, and raising operational standards while keeping your team focused on high-signal work.

You think in terms of coverage, quality, and maturity. You understand how SIEM, EDR, identity telemetry, and SaaS logs work together to provide visibility across an enterprise. You know how to translate operational metrics into meaningful insight for leadership and compliance stakeholders. You are steady under pressure, thoughtful in your decision-making, and disciplined about documentation and follow-through.

You value structure, continuous improvement, and defensible evidence. You understand how corporate monitoring supports frameworks like CMMC 2.0 and NIST 800-53, and you take pride in running an operation that is reliable, audit-ready, and aligned to organizational risk tolerance.

What You'll Do

Set direction

Own the strategy and maturity roadmap for corporate monitoring, detection engineering, and operational security metrics. Define logging standards, detection coverage expectations, and measurable performance indicators for the team.

Support the team

Lead and develop Corporate Security Operations Analysts and the Corporate Threat Hunter & Detection Analyst through coaching, clear performance expectations, and structured feedback. Remove blockers, improve workflows, and ensure the team is focused on high-impact work.

Raise the bar

Continuously improve alert quality, detection coverage, triage workflows, and operational automation. Reduce false positives, strengthen telemetry visibility across corporate SaaS and infrastructure, and ensure monitoring outputs are accurate and defensible.

Collaborate cross-functionally

Partner with Security Engineering, IT, Compliance, and leadership to ensure monitoring supports configuration baselines, vulnerability management efforts, and regulatory commitments. Provide clear, actionable insight during investigations and ongoing risk discussions.

Shape how we work

Establish consistent operational rhythms for reporting, detection reviews, and after-action analysis. Maintain structured documentation, metric reporting, and continuous improvement processes that strengthen operational maturity over time.

What We Look For

• 5–8+ years of experience in security operations, detection engineering, or incident response, with at least 2+ years leading analysts or technical security teams

• Hands-on experience with SIEM and EDR platforms, including alert tuning, dashboard creation, and detection optimization

• Demonstrated ability to improve monitoring quality by reducing false positives and increasing meaningful detection coverage

• Experience defining and tracking operational metrics (e.g., MTTD, MTTR, alert fidelity, detection coverage) and presenting results to leadership

• Strong understanding of enterprise logging across endpoints, identity providers, SaaS platforms, and cloud environments

• Familiarity with regulated environments (e.g., CMMC 2.0, NIST 800-53, SOC 2, or similar frameworks) and the role monitoring plays in audit defensibility

• Experience supporting incident investigations in coordination with internal stakeholders and external DFIR partners

• Proven ability to build structured workflows, documentation standards, and repeatable operational processes

• Strong communication skills with the ability to translate technical operational data into clear risk narratives

• Sound judgment, steady leadership presence, and the ability to balance operational execution with long-term program improvement

Security & Privacy Roles and Responsibilities

• Act as the operational owner of corporate security monitoring and detection capabilities, ensuring consistent and effective oversight of enterprise telemetry.

• Ensure protection of the confidentiality, integrity, and availability of corporate systems and data through continuous monitoring and validated detection coverage.

• Ensure privacy-impacting security events are identified, documented, and escalated in coordination with Legal, Compliance, and executive leadership.

• Ensure logs, alerts, investigative artifacts, and operational metrics are accurate, access-controlled, and retained in accordance with policy and regulatory requirements.

• Enforce principles of least privilege, segregation of duties, and monitoring of privileged activity within corporate systems.

• Ensure analysts follow established data handling, evidence preservation, and documentation standards during investigations.

• Participate in risk evaluation and escalation discussions, providing operational insight into detection gaps or control weaknesses.

• Maintain alignment between corporate security operations, regulatory commitments (e.g., CMMC 2.0, NIST 800-53), and organizational privacy obligations.

Notice to Third Party Recruitment Agencies
Please note that Onebrief does not accept unsolicited resumes from recruiters or employment agencies. In the absence of an executed Recruitment Services Agreement, there will be no obligation to any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without an agreement Onebrief explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, shall be deemed the property of Onebrief.