Saviynt

Sr Director/Vice President - Security Operations Center and Cyber Defense

Saviynt  •  Bengaluru, IN (Onsite)  •  2 months ago

Job Description

The Vice President of Security Operations Center (SOC) at Saviynt is responsible for leading and evolving the organization’s global cyber defense capabilities. This role owns 24/7 security operations, threat detection and response, threat hunting, and incident response.
The VP SOC will define the cyber defense strategy, ensure rapid and effective response to security incidents, and provide clear, risk-based insights to executive leadership and the board. This role combines strategic vision, operational excellence, and deep technical credibility to protect the organization against modern and emerging threats.
The ideal candidate will have a proven track record of 15+ years leading high-performing cybersecurity teams, proactively identifying and mitigating threats, and driving strategic security initiatives.

WHAT YOU WILL BE DOING

  • Lead and continuously mature a 24/7 global Security Operations Center (SOC) to detect, analyze, and respond to cyber threats in real time.
  • Refine the SOC operating model, coverage strategy, escalation paths, and incident command structure.
  • Serve as Incident Commander for incidents, including global coverage, and direct overall IR activities.
  • Ensure high-fidelity alerting, reduced false positives, and measurable improvements in detection and response effectiveness (MTTD, MTTR).
  • Develop and execute a Threat Hunting strategy to proactively identify advanced, stealthy, and persistent threats before escalation.
  • Drive adversary-focused detection aligned to MITRE ATT&CK and D3FEND, threat intelligence, and real-world attack patterns.
  • Establish and maintain IR playbooks, runbooks, escalation procedures, and cross-functional coordination with IT, Legal, Communications, Risk, and Compliance.
  • Lead forensic investigations, root cause analysis, and post-incident reviews to strengthen controls and prevent recurrence.
  • Lead tabletop exercises, red/purple team engagements, and breach simulations to test readiness.
  • Oversee Attack Surface Management (ASM) to continuously identify, monitor, and reduce external and internal exposure across cloud, SaaS, identity, endpoints, and networks.
  • Oversee Dark Web Monitoring initiatives to detect leaked credentials, data exposure, insider threats, and early indicators of compromise.
  • Collaborate closely with Threat Intelligence teams to track adversary TTPs, emerging threats, and sector-specific risks, translating intelligence into actionable detections and controls.
  • Develop and execute a comprehensive Cyber Defense strategy, aligning security operations with business objectives, risk appetite, and regulatory requirements.
  • Own the SOC technology stack, including SIEM, SOAR, EDR/XDR, CNAPP, cloud security tooling, case management, and forensic platforms.
  • Drive automation and orchestration to reduce manual effort and scale SOC operations efficiently.
  • Manage, mentor, and grow high-performing teams across SOC, Threat Hunting, Incident Response, and Threat Intelligence functions.
  • Establish career paths, training programs, and succession planning for security operations talent.
  • Partner with Product, Engineering, Infrastructure, Legal and HR teams to ensure alignment with security frameworks and regulatory obligations.
  • Present clear, business-aligned cyber risk metrics, threat trends, and program updates to executive leadership and the board.

WHAT YOU BRING

  • Bachelor’s or master’s degree in Computer Science, Information Security, or a related field, or equivalent work experience with demonstrated results.
  • 15+ years of experience leading cybersecurity teams across SOC, Threat Hunting, Incident Response, Attack Surface Management, Dark Web Monitoring and Threat Intelligence.
  • Proven executive leadership and crisis management experience handling major security incidents and board-level communications.
  • Deep expertise in MITRE ATT&CK, threat intelligence frameworks, adversary emulation, and digital forensics.
  • Strong hands-on and architectural understanding of SIEM, SOAR, EDR/XDR, and cloud security technologies (AWS, Azure, GCP).
  • Experience designing and executing cyber defense strategies in large-scale, complex enterprise environments.
  • Solid knowledge of offensive security techniques and attacker methodologies, with the ability to translate them into effective defensive strategies.
  • Certifications (CISSP, CISM, CCSP, or equivalent) are nice to have but not a requirement.

About Saviynt

At Saviynt, we are pioneers in intelligent identity security solutions, dedicated to empowering enterprises to safeguard their digital environments. We aim to transform IGA by delivering innovative, cloud-first solutions that ensure security, compliance, & risk management across diverse IT landscapes, including multi-cloud, hybrid, & on-premises environments.

Our Values

Innovation: We continuously enhance our solutions to meet the evolving needs of the modern enterprise.

Customer Focus: Our customers are at the heart of everything we do. We strive to provide exceptional service & solutions that deliver real value.

Accountability: We take responsibility for our actions & deliver on our promises, ensuring excellence in every aspect of our work.

Collaboration: We believe in the power of working together & fostering an inclusive environment where ideas & innovation can flourish.

Integrity: We operate with the highest standards of ethics & transparency, building trust with our customers, partners, & team members.

Our Mission

Saviynt’s mission is to provide intelligent, cloud-first identity governance & access management solutions that enable organizations to achieve Zero-Trust security. We aim to simplify the complexity of identity security by providing deep visibility & seamless integration across all IT environments.

Our Goals

Enhance Security: We help organizations protect their most critical assets from cyber threats by leveraging advanced identity governance & access management solutions.

Ensure Compliance: Our solutions meet stringent regulatory requirements, helping organizations maintain compliance effortlessly.

Drive Efficiency: We enable organizations to streamline their identity management processes through automation & intelligent analytics, reducing costs & improving productivity.

Foster Innovation: We are committed to staying at the forefront of technology, continually evolving our solutions to meet the demands of the digital age.

Industry: IT & Software

Company Size: 1,001-5,000 employees

Headquarters: El Segundo, California

Year Founded: 2010