Hybrid - 3 days/week in Orlando, FL HQ
Our client, a leader in the global hospitality space, is seeking an AVP-level Security Operations leader to build out and enhance their hybrid Security Operations Center (SOC), which integrates in-house capabilities with MSSP support. The AVP of Security Operations will be responsible for designing, implementing, and optimizing security operations while driving incident response, threat intelligence, automation, and cloud security initiatives.
The ideal candidate is a technical security expert with deep experience in SIEM, SOAR, EDR, cloud security, and API security, along with a strong background in incident response, detection engineering, and security frameworks. This role requires someone who can architect, refine, and operationalize security processes while working closely with internal teams and external partners to improve detection, response, and threat mitigation strategies.
Key Responsibilities:
- Serve as the technical lead for a hybrid SOC and as the point of contact (POC) across in-house security teams and MSSP providers to refine detection and response capabilities.
- Architect and optimize SIEM, SOAR, and EDR solutions to ensure effective log aggregation, correlation, and automation of security workflows.
- Develop, implement, and continuously assess incident response playbooks.
- Drive threat intelligence initiatives, incorporating real-world threat actor tactics, techniques, and procedures (TTPs) into detection and response strategies.
- Leverage security automation to streamline processes, reduce manual effort, and improve response times.
- Establish and enforce security frameworks and best practices within the SOC in alignment with NIST, MITRE ATT&CK, CIS, and other relevant standards.
- Collaborate with DevOps, IT, and engineering teams to ensure security is embedded across the technology stack.
- Continuously assess and improve security tools, processes, and integrations to stay ahead of emerging threats.
Required Qualifications:
- 10+ years of hands-on experience in security operations, incident response, detection engineering, and threat intelligence.
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- Deep expertise in SIEM, SOAR, EDR, cloud security, and security automation.
- Experience managing a hybrid SOC environment (in-house + MSSP collaboration).
- Strong knowledge of cloud security (AWS, GCP, Azure), container security (Kubernetes, Docker), and API security.
- In-depth experience with cyber threat intelligence, adversary tactics, and real-world attack detection.
- Familiarity with security frameworks and methodologies, including NIST 800-53, MITRE ATT&CK, CIS Benchmarks, and ISO 27001.
- Strong scripting and automation skills (Python, PowerShell, Terraform, or similar).
- Ability to work independently as a technical leader while collaborating across multiple teams.
Preferred Qualifications:
- Experience in the hospitality, travel, or entertainment industry.
- Certifications such as CISSP, CISM, GCFA, GCIH, AWS Security Specialty, or Kubernetes Security (CKS).
- Hands-on experience integrating MSSP threat intelligence feeds into security operations.
This role offers the opportunity to be the technical backbone of security operations, leading the charge in detection, response, and automation for a complex hybrid environment. You'll work with cutting-edge security technologies while shaping the future of security operations in a fast-paced, customer-centric industry.
Interested candidates must submit a resume with first and last name and contact information in order to be considered. This is a full-time position; applicants seeking C2C/C2H employment will not be accommodated.