Manager, Security Operations Center

About Poshmark

Poshmark is a leading fashion resale marketplace powered by a vibrant, highly engaged community of buyers and sellers and real-time social experiences. Designed to make online selling fun, more social and easier than ever, Poshmark empowers its sellers to turn their closet into a thriving business and share their style with the world. Since its founding in 2011, Poshmark has grown its community to over 130 million users and generated over $10 billion in GMV, helping sellers realize billions in earnings, delighting buyers with deals and one-of-a-kind items, and building a more sustainable future for fashion. For more information, please visit www.poshmark.com, and for company news, visit newsroom.poshmark.com.

As the Security Operations Center (SOC) Manager at Poshmark, you will lead the critical mission of protecting our platform and 150 million Poshers from cyber threats. You will ensure operational excellence by overseeing the full incident response lifecycle—from threat detection to recovery—to significantly reduce risk. Your strategic leadership will enhance Poshmark's security posture, ensuring resilience, maintaining customer trust, and helping business grow. This role serves as the crucial link between strategy, policy and day today operations, translating complex issues into clear actionable insights.

Responsibilities:

• Develop, review, and maintain high-quality SOC playbooks and runbooks to streamline investigations and standardize response procedures.

• Drive improvements in detection, alerting, and incident response capabilities through automation, orchestration, and process refinement.

• Oversee the SOC’s daily operations, ensuring continuous monitoring and analysis of security event logs and alerts to promptly identify and escalate security incidents.

• Lead and coordinate end-to-end security incident management, including investigation, containment, eradication, recovery, and post-incident review.

• Direct root-cause analysis of sophisticated security incidents and targeted attacks across systems, networks, cloud environments, and application layers.

• Oversee tuning of security alerts to reduce false positives and increase operational efficiency; implement automated responses where appropriate.

• Partner closely with SRE, Cloud Security, IT Operations, Threat Intelligence, and other security teams to ensure timely remediation of identified issues.

• Manage SIEM strategy and operations, including onboarding new log sources, optimizing alert logic, and enhancing detection capabilities.

• Lead deployment and management of security monitoring solutions across all organizational environments.

• Guide and supervise threat-hunting initiatives to proactively identify malicious activity, suspicious behaviors, and emerging threats.

• Leverage threat intelligence, indicators of compromise (IOCs), and contextual data to enrich investigations and improve detection fidelity.

• Manage SOC-related projects, roadmap planning, team development, and operational execution.

• Champion the design and deployment of automated incident response workflows using SOAR and cloud-native automation tools to reduce analyst workload and accelerate containment.

• Implement automation playbooks that trigger predefined actions—such as isolating hosts, disabling compromised accounts, enriching alerts, or blocking malicious indicators—to improve response speed and consistency across the SOC.

• Evaluate emerging technologies, including AI-driven SOC analyst tools, and lead their implementation within the security operations environment.

Minimum Qualifications:

• Minimum of 8 years of experience in a Security Operations role, with progressive leadership responsibilities.

• Minimum of 3 years of experience in managing a team of Security engineers, analysts etc.

• Experience with security technologies including SIEMs, firewalls, IDS/IPS, EDR, and vulnerability management tools.

• Hands-on experience leading or supporting security incident response and remediation activities.

• Experience with cloud security concepts, tools, and monitoring technologies (e.g., AWS, GCP, Azure).

• Strong understanding of SOC operations, logging pipelines, and security monitoring frameworks.

• Lead a global team of soc analysts to support the 24x7 model.

Preferred Qualifications:

• Experience in Incident Response, Threat Hunting, Malware Analysis, or Digital Forensics.

• Experience working with SRE, DevOps, or SecDevOps teams in a collaborative operational environment.

• Relevant certifications such as GCIA, GCIH, GCFA, CISSP, or equivalent.

• Experience with scripting (Python, Bash, PowerShell) and automation frameworks.

• Prior experience managing or mentoring technical teams within a security function.

6-Month Accomplishments:

• Consistently oversee and ensure timely execution of security incident investigation, containment, eradication, and recovery. Validate that incidents are fully resolved and documented, with lessons learned integrated into SOC processes.

• Maintain awareness of the evolving threat landscape by leveraging threat intelligence feeds, conducting regular research, and engaging with the security community.

• Deliver new high-fidelity detections and mature, actionable incident response playbooks for key attack scenarios. Ensure the SOC team is trained and aligned on newly implemented processes.

12+ Month Accomplishments:

• Achieve measurable reductions in Mean-Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR) through strategic automation, improved workflows, and optimized tooling.

• Demonstrably improve the organization’s overall security operations posture by continuously enhancing detection logic, developing high-fidelity alerts, and maintaining an up-to-date library of incident response playbooks.

• Successfully lead medium- and large-scale projects aimed at strengthening security visibility, detection maturity, threat-hunting effectiveness, and SOC operational excellence.

• Establish a robust automation framework that integrates SOAR, scripts, and cloud-native tooling to streamline detection, enrichment, and response at scale.