Security Operations Manager

City of Seattle, WA

$130K — $195K *
US-AnywhereRemote in Seattle, WA
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in technology or equivalent experience.
  • Seven years of combined experience in IT, primarily in cybersecurity roles.
  • Five years of managerial experience in leading and developing technical teams, focused on cybersecurity.
  • Advanced knowledge of attack tactics and security technologies.
  • Ability to develop and exercise incident response plans.

Responsibilities

  • Manage incident detection and response program enhancements.
  • Coordinate cybersecurity operations and threat intelligence activities.
  • Validate the effectiveness of defenses through metrics and exercises.
  • Lead contributions to the City's vulnerability management program.
  • Adapt cyber defense capabilities for upcoming City projects and industry changes.

Benefits

  • Comprehensive vacation, holiday, and sick leave.
  • Medical, dental, vision, life, and long-term disability insurance for employees and dependents.
Full Job Description
Salary: $62.59 - $93.90 Hourly
Location : Seattle Municipal Tower, 700 5th Ave., Seattle, WA
Job Type: Civil Service Exempt, Regular, Full-time
Remote Employment: Flexible/Hybrid
Job Number:
Department: Seattle Information Technology
Opening Date: 06/30/2026
Closing Date: 7/14/2026 4:00 PM Pacific

Position Description
The City of Seattle is seeking qualified candidates for the position of Security Operations Manager (IT Professional A) in the Seattle Information Technology's (Seattle IT) Security and Infrastructure Division.
Job Responsibilities
Come and apply your extensive skills in cybersecurity leadership at the City of Seattle! We are looking for a dedicated, experienced cybersecurity professional to manage our Security Operations team and guide our cyber defenders in their mission to protect the City's services, data, and systems. Join Seattle IT's fantastic, committed team of IT experts, and together we can achieve great things!

The Security & Infrastructure (S&I) Division within Seattle IT provides the reliable, secure, highly available infrastructure services that the City's technology delivery relies upon. Additionally, S&I provides cybersecurity services for the City's entire IT environment in alignment with the NIST Cybersecurity Framework 2.0, industry standard methodologies, and regulatory expectations. We partner with the rest of Seattle IT to ensure our systems and data are safe, and that we are ready to respond should incidents arise. The work we do directly contributes to the protection of City data and systems, and the availability of the services the city provides to the public.

The Security Operations Manager leads a team of skilled cybersecurity professionals, while driving excellence in the processes and technologies around detection, assessment, response, and resolution of cybersecurity incidents. The position reports to the City of Seattle Chief Information Security Officer and Assistant Chief Technology Officer for Security & Infrastructure and partners closely with the cybersecurity risk team, peer cybersecurity teams across City Departments, and peer leaders across Seattle IT to promote and mature security practices and provides effective leadership and staff development for the Security Operations team.

Technical Leadership

  • Manage and lead ongoing improvements in Seattle IT's citywide incident detection and response program, including the development and enhancement of incident response plans, processes, and tools to effectively run the program.
  • Coordinate detection engineering, SIEM/SOAR operations, EDR/XDR/NDR telemetry, forensic investigations, threat intelligence gathering and sharing, enterprise event log collection, and threat hunting activities.
  • Regularly validate the effectiveness of cybersecurity defenses and incident response readiness through measurable metrics, tabletop exercises, red/purple/blue teaming, and other approaches.
  • Lead Security Operations' contribution to the City's vulnerability management program in partnership with peer technical managers and compliance partners, providing operational metrics as needed and supporting a risk-based approach to prioritization of vulnerability remediation.
  • Proactively adapt Security Operations cyber defense capabilities in anticipation of City projects and programs, strategic direction, and industry shifts.
  • Maintain and grow strong operational relationships and processes between Security Operations and security partners across the City's public safety, utility, transportation, and operational technology environments.
  • Assume incident command or other designated roles in cybersecurity incidents as defined by the relevant incident response plan.
  • Regularly review response plans to ensure incident notification reporting requirements for relevant compliance, federal, and state entities are documented and current.
  • Negotiate vendor contracts for a strengthened security posture at an advantageous cost


Strategic Leadership

  • Develop cybersecurity strategic roadmaps that are aligned with larger Seattle IT and City strategic goals and initiatives. Advise senior leadership on issues, challenges, trends, and opportunities, and recommend how those should influence division standard processes and strategies.
  • Provide overall management and coaching of the security operations staff, including developing training programs, setting team objectives and individual expectations, aligning team members for individual and team success, assessing performance, and meeting key performance indicators.
  • Establish and cultivate strong strategic partnerships with City peers and collaborators in cybersecurity risk, privacy, infrastructure, endpoint, identity, applications, operational technology, and other relevant domains. Ensure alignment on security objectives, incident readiness, and roadmaps.
  • Continually evaluate our security vendor and managed service relationships, including managed service providers, for value, service performance, incident coordination, and alignment with strategic roadmaps and industry direction.
  • Maintain awareness of industry trends and developments in cybersecurity and adjacent domains that may impact our environment, and work with the Security Leadership to adjust approaches and roadmaps as needed.
  • Communicate effectively and professionally with all levels of the organization.
  • Lead executive briefings and incident command communications during cybersecurity events, exercises, and readiness reviews, translating technical risk into operational and policy decisions for senior City leadership.
  • Periodically support and advise sister agencies in their cybersecurity practices, protocols and incident response
  • Lead the team in incorporating the City's Race and Social Justice Initiative values and objectives into daily work, programs, and practices.
  • Engage in strategic leadership, partnership, and mutual support with the S&I divisional leadership team and Seattle IT-wide leadership/management bodies and actively represent our leadership values daily.
  • Manage the Security Operations team's annual budget, including forecasting, tracking of actuals, and identification of cost savings and efficiencies.
  • This position may be required to work outside of business hours in response to incident scenarios.


Please note this job advertisement is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Qualifications
NOTE: Equivalent combinations of education and experience will be considered for the required qualifications.

Required Qualifications:

Education:

  • Bachelor's degree or equivalent experience in a technology-related field.


Experience:

  • Seven years' combined experience in information technology, with a significant portion of that time in cybersecurity roles.
  • Five years of managerial experience leading, mentoring, and developing a technical team, with a significant portion of that time being with a cybersecurity-related team.


General knowledge, skills and experience:

  • Advanced knowledge of the various attack tactics, techniques, and practices used by threat actors, as well as networking technologies, protocols, and common security tools.
  • Demonstrated ability to develop, improve, and exercise incident response plans and procedures.
  • Significant experience with cyber incident response.


Additional Requirements

  • Ability to pass Criminal Justice Information Services (CJIS) background check within six months of hire.

Desired Qualifications:

You will be best equipped for this role if you have one or more of the following:

  • Knowledge of a breadth of technical domains, including one or more of servers, identity, cloud, database, and applications.
  • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification.
  • Experience with red/purple/blue teaming, penetration testing, tabletop exercises, and other forms of assurance of cyber defenses and response readiness.
  • Understanding of federal, state, and regulatory compliance drivers and requirements relevant to municipal governments and utility organizations.
  • Experience leading union-represented staff.
  • Experience successfully handling vendor relationships.


Additional Information
The full salary range for this position is $62.59 - $93.90 per hour.

The targeted salary range for this individual role is up to $92.50 per hour based on experience and skills.

Benefits

The City of Seattle offers a comprehensive benefits package including vacation, holiday, and sick leave as well as medical, dental, vision, life and long-term disability insurance for employees and their dependents. More information about employee benefits is available on the City's website at: https://www.seattle.gov/human-resources/benefits/employees-and-covered-family-members/most-employees-plans.

Application & Selections Process

  • A complete NeoGov/GovernmentJobs online application is required. Please include at least 10 years of relevant work history (or more, if applicable), with job duties, employment dates, number of direct reports, and reasons for leaving clearly detailed.
  • Attached resume and cover letter describing your skills and experience in relation to this position.
  • Supplemental questions responses


Your application must include both a resume and a cover letter. Applications submitted without these documents will not be considered.

Please ensure that both documents have been successfully uploaded before submitting your application.

The most competitive candidates will be invited to participate in one or more interviews.

If you have any questions or require a reasonable accommodation to complete any part of the selection process, please contact Julie Hugill at [email protected]

Workplace Environment (Telework Expectation):

This position offers flexibility of a hybrid work schedule. Hybrid telework schedules have a minimum requirement of three days onsite per week, which is subject to change at any time at the Mayor's discretion. Individual schedules are based on operational needs and agreement between the employee and their supervisor.

Similar Jobs

More Jobs at City of Seattle, WA

More Information Technology Jobs

Find similar Security Operations Manager jobs: