Exostar

Manager, Intelligence and Operations

Exostar$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in information security or IT security roles.
  • 3+ years in technical security leadership or management positions.
  • Strong expertise in security operations and incident response.
  • Experience securing Azure and Microsoft 365 in regulated environments.
  • Familiarity with SIEM platforms, EDR, and vulnerability management tools.
  • Knowledge of aligning security controls with regulatory frameworks like FedRAMP and NIST.
  • Excellent communication and prioritization skills.

Responsibilities

  • Manage daily operations of security monitoring and incident response.
  • Serve as technical escalation point for security incidents.
  • Lead incident response and threat intelligence for cloud security.
  • Ensure continuous 24/7 security operations through oversight.
  • Guide operational leadership for Azure security controls and monitoring.
  • Partner with teams to integrate security into DevSecOps practices.
  • Direct and enhance the Vulnerability Management program.

Benefits

  • Hybrid work environment (3 days in-office).
  • Opportunities for leadership development and mentoring.
  • Collaboration with cross-functional teams including engineering and compliance.
  • Potential for professional certification assistance and training.
  • Participation in strategic decision-making related to security direction.
Full Job Description
Job Overview:

This individual will serve as the Manager of the Security Intelligence and Operations team within the Exostar Security Office (ESO) and report to the CISO & VP of Information Security. This person leads Exostar's centralized security operations and security platform capabilities supporting highly regulated cloud services for Aerospace & Defense and Life Sciences customers. This role is accountable for the operational effectiveness, maturity, and strategic evolution of Exostar's security monitoring, incident response, vulnerability management, and cloud security capabilities, with a strong emphasis on Azure and Microsoft 365-based FedRAMP and managed service offerings.

This position partners closely with security governance, compliance, and architecture. The role supports audits and regulatory activities by ensuring security operations, evidence, and response capabilities function as designed, while primary ownership for control design and compliance strategy resides with a dedicated team.

This position combines technical security leadership with people, vendor, and program management, ensuring security operations scale effectively, remain compliant with regulatory obligations, and align with business growth. While technical depth is required, success in this role depends on the ability to set direction, prioritize work, mature processes, and leading through others.

The team consists of one direct-report security engineer and a rotating group of contractors providing 24/7 monitoring, engineering support, and continuous monitoring activities

Responsibilities Include:

Security Operations Leadership
  • Own the day-to-day and strategic operation of security monitoring, incident response, and threat detection across cloud and on-prem environments.
  • Serve as the technical escalation and decision authority for security incidents, advising executive stakeholders and acting as a core member of the Crisis Response Team.
  • Lead and mature incident response, digital forensics, and threat intelligence capabilities across Azure, Microsoft 365, and supporting infrastructure.
  • Ensure 24/7 security operations coverage through effective contractor oversight, clear runbooks, and defined escalation paths.
  • Cloud & Microsoft Security Focus
  • Provide operational leadership and direction for security controls and monitoring related to Azure, Microsoft Entra ID, Defender, Sentinel, Secure Score, and Microsoft 365.
  • Partner with engineering and product teams to embed security in DevSecOps.
  • Advise on secure cloud architecture decisions and ensure security tooling aligns with multi-tenant and regulated service models.

Vulnerability, Risk & Operational Assurance
  • Direct the Vulnerability Management program, covering infrastructure, applications, and cloud configurations.
  • Lead threat hunting and operational risk assessments, identifying gaps in detection, response, and visibility.
  • Support audits and compliance activities by providing operational evidence, incident records, and control validation.
  • Provide input and recommendations to governance and architecture teams based on operational findings and observed risk trends.

Security Technology & Program Management
  • Own the security tooling ecosystem, including SIEM, EDR, IDS, email security, DLP, and application control technologies.
  • Develop and maintain security technology roadmaps, evaluating new tools and capabilities based on risk reduction, scalability, and cost/benefit.
  • Drive standardization, documentation, and operational maturity through SOPs, playbooks, and metrics.

People, Vendor & Stakeholder Management
  • Coach and mentor the security engineer and contractors, setting clear expectations, priorities, and performance standards.
  • Balance contractor-driven execution with internal ownership, ensuring knowledge retention and accountability.
  • Partner closely with IT, Cloud Engineering, Product, Compliance, and Executive Leadership to integrate security into business initiatives.
  • Communicate complex security topics clearly to both technical and non-technical stakeholders.
  • Drive strategic and operational direction to the team, and maintain responsibility for ensuring the maintenance, operations, and support of complex security products.
  • Provide leadership & technical expertise of Threat Intelligence, Incident Response, and Forensics activities in cloud (Azure/M365) and on-premise environments
  • Ability to advise on technical solutions in alignment with compliance requirements, including FedRAMP, NIST 800-171, CMMC, UK Cyber Essentials, and ISO 27001.
  • Manage and refine the security monitoring tools suite including SIEM, Endpoint protections, IDS, Detection and Response (EDR), Email Gateway, Application Whitelisting, and DLP.
  • Knowledge of Azure cloud and security technologies including EntraID, Defender for Cloud, and Secure Score.
  • Lead and conduct Risk assessments and routine threat hunts of the environment and develop solutions to address issues identified.
  • Direct and evolve the Vulnerability Management program with experience in infrastructure, application (DAST), and code scanning (SAST/SCA/IaC) technologies.
  • Provide advice and recommendations for system and device hardening, and familiarity with common baseline compliance frameworks (e.g., CIS Benchmarks)
  • Develop security technology roadmaps, evaluate new products for varying system architectures, and provide cost/benefit analysis in alignment with business objectives.
  • Manage the physical security and access management of the facilities
  • Manage incidents, advise executive stakeholders, and serve as the technical focal point for the Crisis Response Team in response to cyber incidents.
  • Coach, manage, and mentor the team members with a strong focus on refining standard operating procedures and documentation.
  • Coordinate and partner closely with various parts of the business and their management to ensure security integration

Required Skills:
  • 10+ years of progressive experience in information security or IT security roles.
  • 3+ years in a technical security leadership or management role, with responsibility for setting direction and leading teams.
  • Strong background in security operations, incident response, threat detection, and monitoring.
  • Demonstrated experience securing Azure and Microsoft 365 environments in regulated or enterprise contexts.
  • Working knowledge of SIEM platforms (e.g., Sentinel, Splunk), EDR/NGAV, email security, and vulnerability management tools.
  • Experience aligning technical security controls to regulatory frameworks (FedRAMP, NIST, CMMC).
  • Excellent communication, prioritization, and cross-functional coordination skills.
  • Must gain and maintain Trusted Role.
  • U.S. citizenship required due to contract obligations.

Desired Skills:
  • Experience leading and scaling 24/7 security operations with a mix of internal staff and third-party providers.
  • Familiarity with cloud service delivery models and managed security operations.
  • Experience supporting audits through operational readiness, documentation, and response coordination.
  • Ability to evaluate security tooling and make risk-based recommendations without requiring deep hands-on implementation.
  • Prior experience in highly regulated industries or SaaS environments serving government or critical-infrastructure customers.
  • CISSP or comparable senior-level security certification

Education:
  • Bachelor's degree in an IT or Security-related discipline or equivalent experience.
  • CISSP and other security/technical certifications are a plus.

Location: Herndon, Virginia - Hybrid (in office 3x/week)

About Exostar

Industry
Founded
2000

Similar Jobs

More Jobs at Exostar

More Information Technology Jobs

Find similar Manager, Intelligence and Operations jobs: