No Sponsorship will be provided for this role.Location: On Site at location listed in posting
Weekly Schedule: Monday- Friday, 9am-5pm
The Security Operations Manager leads a multi-discipline security team covering application security, threat detection, vulnerability management, red/purple team activities, and security automation, with a heavy emphasis on detection, readiness, and real-world risk reduction.
The role is at the intersection of secure development, threat detection, and operational maturity within a large, multi-cloud online banking environment. Large-bank experience is preferred.
What the Manager Owns- People leadership for a multi-discipline cyber team (6 to 12 direct reports)
- Threat detection
- Penetration testing readiness and follow-through
- Red / blue / purple team integration
- Reducing enterprise attack surface
Key ResponsibilitiesLeadership & Team Management- Manage and develop a team of security professionals across vulnerability management, threat detection & threat intelligence, red/purple team disciplines, and security automation
- Act as the escalation point for high-risk or high-impact cyber issues
Application Security- Oversee SAST, DAST, SCA, manual testing, and penetration testing programs
- Drive shift-left AppSec - IDE scanning, CI/CD integration, and secure coding practices
- Reduce testing cycles and downstream findings by improving early detection
- Operate tool-agnostic (e.g., Veracode, Invicti, Burp)
- Ensure AppSec supports modern cloud-native and DevOps environments
- Build trusted relationships with Shadow IT owners, and progressively align with security tooling, testing, and IT security practices.
Threat Detection & Purple Teaming- Own detection-focused security outcomes, not just vulnerability reporting
- Work closely with SOC and IR teams to improve detection signals
- Use pen-test and red-team insights to strengthen blue-team defenses
- Apply purple-team thinking to close gaps between offense and defense
Penetration Testing & Offensive Readiness- Ensure strong internal and third-party penetration testing coverage
- Validate that findings are meaningful, prioritized, and remediated
- Use offensive testing to drive real defensive improvements
Vulnerability & Configuration Risk Reduction- Oversee vulnerability and configuration management programs
- Maintain hardening standards, baselines, and remediation tracking
- Reduce enterprise attack surface across cloud, applications, and infrastructure
- Integrate AppSec, pen-test, and vulnerability data into risk-based prioritization
Environment & Scope- Multi-cloud environment
- High-availability online banking systems
- Highly regulated financial services setting
- Heavy collaboration with engineering, cloud, risk, and executive leaders
Required Experience- 10+ years in cybersecurity spanning AppSec, threat detection, incident response, and vulnerability management
- 3-5+ years leading multi-disciplinary security teams
- Demonstrated success reducing attack surface and improving detection speed
- Strong understanding of application security; threat detection & response; penetration testing & adversary simulation; and CI/CD and cloud-native environments
- Comfortable presenting to and influencing executives
- Large-bank experience preferred, with the adaptability to thrive in a smaller-bank environment
Benefit Highlights• Medical with wellness incentives, dental, and vision
• HSA with company match
• Maternity and parental leave
• Tuition reimbursement
• Mentor program
• 401(k) with 6% match
• More -- FirstHorizon.com/First-Horizon-National-Corporation/Careers/Our-Benefits