PayScale

Director, Security Engineering & Operations

PayScale$150K — $180K *
US-AnywhereRemote in United States
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in information security, with 4+ years in a management role in security engineering or operations.
  • Proven track record in people management, overseeing performance cycles and team development in security contexts.
  • Hands-on expertise in security engineering (control design, automation) and operations (incident detection and response).
  • Experience managing relationships with MDR or MSSP vendors.
  • Strong understanding of cloud security (preferably AWS), endpoint security, and zero-trust architecture.
  • Proficient in vulnerability management and mitigation strategies.
  • Scripting skills in PowerShell, Python, or Bash.

Responsibilities

  • Direct and manage security engineering and operations teams, focusing on hiring, development, and performance evaluations.
  • Set strategic objectives and create measurable roadmaps for security functions, fostering a high-performance culture.
  • Mentor team members, providing guidance and technical coaching across various career levels.
  • Ensure continuous incident response coverage through effective management of on-call responsibilities.
  • Architect and implement robust security controls across corporate and cloud environments.
  • Oversee and enhance security monitoring capabilities and automated responses using existing security tools.
  • Collaborate cross-functionally to incorporate security measures into CI/CD and product development.

Benefits

  • Flexible paid time off for rest and recharge.
  • 14 paid company holidays plus 2 floating holidays of your choice.
  • Comprehensive health benefits plan, fully covered by Payscale including medical, dental, vision, and disability insurance.
  • Unlimited infertility treatment coverage available through medical plans.
  • 401(k) plan with immediate fully vested company matching contributions.
  • 16 weeks of paid parental leave for all parents.
  • Annual remote work stipend for wellness or home office equipment.
Full Job Description
Job Summary

The Director, Security Engineering & Operations directs, manages, and leads Payscale's

Security Engineering and Eecurity Operations functions. This is a hands-on leadership role:

the Director sets strategy and manages the team while remaining directly engaged in

architecture, tooling, automation, and incident command. Responsibilities span the design

and hardening of security controls, threat detection and incident response, vulnerability

and exposure management, endpoint and identity protection, and security automation

across Payscale's corporate, cloud, and hosting environments. The Director owns

Payscale's MDR relationship and is accountable for the maturity, performance, and

roadmap of both functions.

This role reports to the CISO, VP - Cybersecurity & Enterprise Technology.

What You'll Do

Leadership & People Management
  • Direct, manage, and lead the security engineering and security operations team
    members; own hiring, onboarding, performance reviews, and career development
    plans aligned to Payscale's Information Security Career Ladder
  • Set strategy and quarterly/annual objectives for both functions and translate them
    into a prioritized, measurable roadmap; hold regular 1:1s and team connects to
    maintain a high-performance, feedback-rich culture
  • Mentor engineers and analysts at all career levels, providing task-based directives,
    technical coaching, and growth-oriented feedback
  • Own the on-call rotation and after-hours escalation path across both functions,
    ensuring coverage for time-sensitive detection and response
  • Serve as a working leader - remaining hands-on in engineering, architecture, and
    incident response rather than leading solely through delegation
    Security Engineering
  • Own the design, implementation, and continuous hardening of security controls
    across corporate, cloud, and hosting environments
  • Build and maintain security automation and integrations - SOAR, detection-as-
    code, and infrastructure-as-code guardrails - to scale coverage without adding
    headcount
  • Engineer and operate the security tooling stack (EDR/XDR, SIEM, identity
    protection, DLP/CASB, vulnerability scanning), ensuring platforms are well-
    integrated and meet architectural standards
  • Partner with Engineering and Infrastructure to embed "secure by design" into
    CI/CD, cloud architecture, and product development
  • Drive adoption of a zero-trust methodology across identity, endpoint, network, and
    application layers
  • Lead security engineering for enterprise AI and agentic tooling adoption, building
    controls and guardrails for safe internal use
    Security Operations & Incident Response
  • Drive the threat detection and incident response capability: detection engineering,
    playbook development, tabletop exercises, and continuous improvement of
    MTTA/MTTR metrics
  • Lead or oversee incident response events as the designated incident manager for
    significant or multi-team incidents, running incident command end-to-end
  • Own the MDR relationship, holding the provider accountable to SLAs, coverage,
    and response outcomes
  • Extend detection and response to secure enterprise AI and agentic tooling
    adoption
    Vulnerability & Exposure Management
  • Own the vulnerability and exposure management function across all corporate and
    hosting environments, coordinating cross-functionally on mitigation and
    remediation with clear SLAs
  • Expand security monitoring, visibility, and coverage using existing platforms and
    open-source tooling
    Program, Metrics & Stakeholder Engagement
  • Own the security engineering and operations portion of the Information Security
    program roadmap, delivering operational metrics, risk-posture data, and capacity
    analysis
  • Establish and report security KPIs to technology and executive leadership on a
    regular cadence
  • Collaborate with the GRC team on ISO 27001 and SOC 2 evidence, control
    effectiveness, and audit readiness as it relates to security engineering and
    operations
  • Lead technical evaluations of emerging security vendors and technologies; provide
    buy/build/partner recommendations to technology management
  • Represent security engineering and operations in cross-functional product,
    engineering, and infrastructure initiatives, ensuring security requirements are
    incorporated by design

What We're Looking For
  • 10+ years in information security, including 4+ years in a lead or management role
    across security engineering and/or security operations functions
  • Proven people-management track record: direct reports, performance cycles, and
    team development in a security context
  • Expert, hands-on knowledge of both security engineering (controls design,
    automation, tooling integration) and security operations (detection, incident
    response) - capable of acting as architect, engineer, incident handler, lead, and
    manager
  • Experience with the CrowdStrike Falcon platform (EDR, Identity Protection, Data
    Protection, AIDR, ZTA, Exposure Management) and SIEM/SOAR orchestration
  • Demonstrated experience owning or managing an MDR or MSSP vendor
    relationship
  • Strong foundation in cloud security (AWS preferred), endpoint security, identity and
    access management, and zero-trust architecture
  • Strong experience in vulnerability and exposure management and
    mitigation/remediation strategies
  • Scripting and automation ability in PowerShell, Python, or Bash; comfortable with
    detection-as-code and infrastructure-as-code approaches
  • Experience with the MITRE ATT&CK framework and the ability to map operational
    data to TTPs for structured threat analysis
  • Experience building operational, engineering, and vulnerability metrics and
    management reporting, and driving improvement through a regular reporting
    cadence
  • Experience with zero-trust networks and platforms such as Cloudflare, Zscaler, or
    AppGate
  • Experience with Data Loss Prevention and CASB architectures and tooling such as
    Forcepoint, Netskope, or Zscaler
  • Familiarity with SOAR and automation platforms such as Tines, n8n, or Ansible

Nice to Have
  • Certifications such as CISSP or CISM
  • Experience in a remote-first SaaS and/or PE-backed environment

Location

Payscale has an employee centric remote-first model that provides you the flexibility to do your best work in a space that supports you, while also finding time to collaborate in person for the moments that matter.

In our remote-first model, employees can work from the location that works best for them. We do not have centralized corporate offices. Employees can choose to work from home, in company-paid co-working spaces, or any combination of the two that best suits their unique needs.

If you work from home, we recommend ensuring that you can meet the following technology, equipment and workspace requirements:
  • High-Speed Internet - A stable broadband or fiber connection (satellite is highly discouraged) with a minimum speed of 100 Mbps in a dedicated workspace that has a reliable Wi-Fi signal.
  • Device for Multifactor Authentication (MFA/2FA) - smartphone, tablet, etc.

When it matters (usually no more than a few times a year) we take the time to gather for in-person events.

Payscale has employees across the US, Canada, UK, The Philippines and Romania however we are currently unable to hire in the Quebec Province, Northern Ireland, and Hawaii.

Benefits and Perks

All around awesome culture where together we strive to live our 5 values:
  • Data informed decision making.
  • Customer first. Always.
  • Succeed together.
  • Relentless about results. Obsessed with excellence.
  • Lead the change. Shape the standard.

An open and inclusive environment where you'll learn and grow through programs and resources like:
  • Monthly company All Hands meetings
  • Regular opportunities for executive leadership exposure through things like AMAs
  • Access to continued learning & development opportunities
  • Our commitment to a continuous feedback culture which allows us to drive performance and career growth
  • A growing network of Employee Resource Groups
  • Company sponsored volunteer hours
  • And more!

Our more standard benefits
  • Flexible paid time off, giving you the opportunity to rest, relax and recharge away from work
  • 14 Paid Company Holidays, includes 2 floating holidays (you choose!)
  • A comprehensive benefits plan including medical, dental, life, vision, disability, and life insurance covered up to 100% by Payscale
  • Unlimited infertility coverage benefits through our medical plans
  • Additional supplemental health benefits offered to you and your family
  • 401(k) retirement program with a fully vested immediate company match
  • 16 weeks of paid parental leave for birthing and non-birthing parents
  • Health Savings Account (HSA) options and company contributions each pay period
  • Flexible Spending Account (FSA) options for pre-tax employee allocations
  • Annual remote work stipend to be used on wellness or home office equipment

About PayScale

PayScale is a compensation data and software company. It provides compensation data, software, and services to employers and employees. The company's products are used by employers to establish and maintain competitive and appropriate compensation programs for their employees. PayScale's products are also used by employees to determine their market value and negotiate salaries. The company was founded in 2002 and is headquartered in Seattle, Washington.
Learn more about PayScale
Size
500 employees
Industry
Founded
2002

Similar Jobs

More Jobs at PayScale

More Information Technology Jobs

Find similar Director, Security Engineering & Operations jobs: