Ecolab

Senior Director, Security Threat

Ecolab$168K — $252K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, or related field; equivalent experience may be considered.
  • 12+ years of progressive experience in cybersecurity, security operations, or threat intelligence.
  • 5+ years of leadership experience at the Senior Manager or Director level overseeing multi-team security operations.
  • Proven track record of leading detection and response programs across SOC operations and incident response.
  • Experience managing organizations of 15+ individuals with diverse technical specializations.

Responsibilities

  • Define and own the enterprise threat detection and response strategy and roadmap.
  • Lead a 24x7 Security Operations Center for monitoring and investigation activities.
  • Drive the detection content lifecycle within the SIEM and improve analyst workflow efficiency.
  • Establish threat hunting programs and operationalize threat intelligence for proactive detection.
  • Own the enterprise incident response process and lead major incident coordination.

Benefits

  • Work in a dynamic, global Fortune 500 environment.
  • Opportunity to lead and shape a comprehensive threat management program.
  • Collaborate with a talented team across various security functions.
  • Engage in continuous professional development and skills enhancement.
  • Potential travel opportunities for site assessments and team collaboration.
Full Job Description

Job Summary: The Director of Threat Management is responsible for leading the enterprise detection and response function, owning the reactive side of security: identifying, investigating, and containing threats across a global Fortune 500 environment. This role provides leadership for the Security Operations Center (SOC), Cyber Threat Intelligence (CTI), Detection Engineering, and Incident Response (IR), and is accountable for the speed and quality of threat detection, triage, investigation, and response across the enterprise.

The Director of Threat Management leads a 24x7 monitoring and response organization while advancing the detection engineering pipeline, maturing threat intelligence integration, and driving measurable improvement in mean time to detect and mean time to respond. The role combines strategic direction, operational accountability, and organizational leadership to reduce enterprise risk from active and emerging threats, partnering closely with the platform engineering team that owns the underlying security tooling.

What You Will Do:

Strategy, Governance, and Leadership

  • Define and own the enterprise threat detection and response strategy, roadmap, and operating model aligned to cybersecurity, risk, and business objectives.

  • Mature the threat management program through formal governance, playbooks, standards, metrics, and leadership reporting.

  • Present detection and response posture, incident trends, risks, and investment needs to security leadership and executive stakeholders.

  • Establish and monitor KPIs such as mean time to detect (MTTD), mean time to respond (MTTR), detection coverage, and alert quality.

  • Lead prioritization decisions across the SOC, threat intelligence, detection engineering, and incident response functions.

Security Operations and Monitoring

  • Lead a 24x7 Security Operations Center responsible for monitoring, alert triage, escalation, and initial investigation across the enterprise.

  • Own the detection content lifecycle within the SIEM, and define data source onboarding, log storage, and retention requirements for the platform-owning team.

  • Drive continuous improvement in alert quality, triage efficiency, and analyst workflow to reduce noise and analyst fatigue.

  • Establish tiered operating models, shift coverage, and escalation paths that ensure consistent 24x7 response readiness.

  • Oversee SOC performance metrics, service levels, and quality assurance across monitoring and triage activities.

Detection Engineering

  • Lead the detection engineering function responsible for building, tuning, and maintaining detection content across SIEM and security telemetry sources.

  • Drive a detection-as-code approach with version control, testing, peer review, and measurable detection coverage mapped to MITRE ATT&CK.

  • Prioritize detection development against threat intelligence, red team findings, incident learnings, and emerging adversary techniques.

  • Establish metrics for detection coverage, efficacy, and false-positive rates, and drive continuous tuning based on outcomes.

  • Partner with engineering and platform teams to ensure high-quality, well-structured log and telemetry sources feed detection pipelines.

Cyber Threat Intelligence

  • Lead the Cyber Threat Intelligence function responsible for strategic, operational, and tactical intelligence supporting detection and response.

  • Operationalize threat intelligence by driving indicator enrichment, threat actor tracking, and intelligence-led detection and hunting priorities.

  • Deliver executive and stakeholder threat briefings that translate the threat landscape into business-relevant risk and action.

  • Establish threat hunting programs that proactively search for adversary activity across the environment ahead of alerting.

  • Manage intelligence sources, sharing partnerships, and integration of intelligence into SIEM, SOAR, and detection workflows.

Incident Response

  • Own the enterprise incident response process across detection, triage, containment, eradication, recovery, and post-incident review.

  • Lead major incident coordination, serving as an escalation point and driving cross-functional response during significant events.

  • Establish and maintain incident response playbooks, runbooks, and tabletop exercises to ensure organizational readiness.

  • Drive post-incident reviews and lessons-learned processes that feed detection improvements and control gaps back into the program.

  • Partner with legal, communications, IT, and business stakeholders to ensure coordinated response and regulatory notification where required.

Tooling and Automation Requirements

  • Define detection and response requirements, use cases, and priorities for the SIEM, SOAR, and log storage platforms owned and operated by the platform engineering team.

  • Partner with the platform-owning team to shape roadmap, data onboarding, retention, and automation priorities that serve detection and response needs.

  • Specify SOAR automation use cases for triage, enrichment, and response, and validate that delivered automations meet analyst workflow requirements.

  • Provide feedback on tooling performance, gaps, and integration needs to drive a unified, efficient analyst workflow across detection, intelligence, and response.

  • Use modern tools including AI-assisted workflows to accelerate investigation, analysis, documentation, and decision-making across the team.

Organizational and People Leadership

  • Lead and develop a distributed threat management organization consisting of managers, analysts, detection engineers, threat intelligence analysts, and incident responders.

  • Build organizational clarity across the SOC, threat intelligence, detection engineering, and incident response functions.

  • Provide leadership in talent development, succession planning, coaching, performance management, and team engagement.

  • Manage staffing strategy across full-time employees, partners, and contingent resources, including managed detection and response providers where applicable.

  • Oversee third-party vendors and consulting partners supporting threat management programs and services.

Minimum Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related discipline; equivalent experience may be considered.

  • 12+ years of progressive experience in cybersecurity, security operations, threat detection, incident response, or threat intelligence.

  • 5+ years of leadership experience managing multi-team security operations or threat functions at the Senior Manager or Director level.

  • Demonstrated success leading detection and response programs across SOC operations, detection engineering, threat intelligence, and incident response.

  • Experience managing 15+ person organizations including managers, analysts, and engineers with varied technical specializations.

  • Experience leading major incident response and driving measurable improvement in detection coverage and response times.

  • Experience building or standing up new detection, intelligence, or response capabilities, teams, or services.

Technical and Functional Qualifications

  • Strong knowledge of SIEM and log management platforms and log storage technologies such as Elasticsearch or Splunk, including data onboarding, retention, and detection content management.

  • Strong knowledge of security orchestration, automation, and response (SOAR) platforms such as Swimlane or Cortex XSOAR.

  • Strong knowledge of detection engineering practices, detection-as-code, and detection coverage mapped to MITRE ATT&CK.

  • Experience with the cyber threat intelligence lifecycle, threat actor tracking, and intelligence-led detection and hunting.

  • Experience with incident response frameworks, forensic investigation concepts, and major incident coordination.

  • Understanding of threat detection across cloud (Azure, AWS, GCP), endpoint, network, and identity telemetry sources.

  • Familiarity with security frameworks and models such as MITRE ATT&CK, NIST CSF 2.0, and the cyber kill chain.

Preferred Qualifications

  • Experience in a Fortune 500, global, manufacturing, or industrial environment with complex, heterogeneous technology estates.

  • Prior experience standing up or transforming a SOC, threat intelligence, detection engineering, or incident response function.

  • Experience with threat detection and response in operational technology (OT) or industrial control system (ICS) environments.

  • Familiarity with platforms such as Elastic, Splunk, Swimlane, Cortex XSOAR, CrowdStrike, or Microsoft Sentinel.

  • Relevant certifications such as CISSP, CISM, GCIH, GCIA, GCTI, or GCFA.

Leadership Competencies

  • Strategic thinker with the ability to set direction and translate strategy into operational execution.

  • Decisive leader who operates effectively under pressure and makes sound calls during active incidents and competing priorities.

  • Delivery-oriented leader with a strong focus on accountability, measurable outcomes, and service quality.

  • Effective communicator able to translate complex threat and incident topics for executives, stakeholders, and technical teams.

  • Strong collaborator with the ability to influence across infrastructure, cloud, application, legal, and business teams.

  • Proven people leader with the ability to coach talent, build teams, and develop future leaders.

Additional Information

  • The role leads a 24x7 operation and may require off-hours availability for major incidents, escalations, and key initiatives.

  • Travel up to 10% may be required for site assessments, team collaboration, and vendor engagements.

  • The role may require coordination across global teams, including off-hours support for key initiatives, escalations, or major incidents.

About Ecolab

Ecolab provides comprehensive solutions, data-driven insights, and personalized service to customers in the food, healthcare, hospitality, and industrial markets in more than countries to advance food safety, maintain clean and safe environments, optimize water and energy use, and improve operational efficiencies and sustainability.

Ecolab Careers

Join Ecolab's dynamic team today and be part of a global leader in water, hygiene, and infection prevention solutions. At Ecolab, we are committed to advancing technologies and driving innovation that makes the world cleaner, safer, and healthier.

Work You’ll Do

At Ecolab, you will find job opportunities that promise robust growth and development in a culture that fosters leadership, innovation, and diversity. Our team is composed of over 48,000 dedicated professionals who lead the industry in delivering efficient solutions and services to our customers worldwide.

Professional Growth and Development

Embark on a career path that empowers your ambition. Ecolab offers a myriad of career advancement opportunities supported by comprehensive training programs and professional development courses. Our commitment to your growth is paralleled by our dedication to innovation and excellence in every aspect of our business.

Inclusive and Supportive Culture

Ecolab’s culture thrives on teamwork, respect, and diversity. We believe in creating an inclusive environment that values each individual’s unique background and perspectives. Diversity training and leadership programs are integral parts of our commitment to fostering an inclusive workplace.

Internship and Employment Opportunities

Whether you're starting your career or looking to make a change, Ecolab offers a range of employment and internship opportunities that can help you harness your skills and achieve your professional goals. Our hiring process is designed to be transparent and engaging, ensuring that all candidates are given the opportunity to showcase their strengths.

Benefits and Networking

Joining Ecolab means more than just employment; it’s an opportunity to be part of a global network of industry leaders and innovators. Our employees enjoy competitive benefits, including health, life, and dental insurance, retirement plans, and paid time off. We also encourage our team to connect and collaborate through various professional networking events.

Explore Job Opportunities

Are you ready to make a significant impact? Explore the various positions available at Ecolab, from entry-level roles to executive positions. Tailor your resume and prepare for interviews with our career experts who are here to support you every step of the way.

Stay Connected

Join Our Team Search open positions that match your skills and interests. We look for passionate, curious, creative, and solution-driven team players.

SEARCH ECOLAB JOBS

Keep Up to Date Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the people who work here.

READ CAREERS BLOG

Job Alert Emails Personalize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Discover the exciting and rewarding opportunities that await at Ecolab. Ecolab is not just a company; it's a place where you can make a difference in the world while advancing your career in a dynamic and supportive environment. Join us in making the world a better place through dedicated service and innovative solutions.
Learn more about Ecolab
Size
47,000 employees
Market Cap
$41 billion
Industry
Net Income
-$1.2 billion
Founded
1923
5 Year Trend
-0.6%
Revenue
$11.7 billion
NASDAQ

Similar Jobs

More Jobs at Ecolab

More Information Technology Jobs

Find similar Senior Director, Security Threat jobs: