Manager, Threat Detection and Incident Response

Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports organization-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes.

We are looking for a committed and driven manager who is passionate about solving complex security problems in innovative and scalable ways, with deep experience leading incident response and detection programs at scale. As the Manager of Threat Detection and Response, you will own the operational and strategic direction of security incident response, including team development, program strategy, and capability maturity in alignment with broader security and company objectives.

You will remain hands-on, contributing to day-to-day detection and response activities while designing, building, and operating detection and response capabilities across cloud-native and corporate environments. You will lead large-scale, cross-functional incident response efforts, ensuring effective coordination, clear communication, and timely resolution of complex security events. This role requires strong expertise in detection engineering, attacker techniques, and modern security practices, with the ability to apply these concepts in practical and scalable ways.

You will drive continuous improvement across the Threat Detection and Response program and partner closely with security, IT, and cross-functional stakeholders to align priorities, execute shared initiatives, and ensure comprehensive risk mitigation while minimizing impact to end users across the organization.

• Develop a team, providing coaching, mentorship, goal setting, and performance feedback.
• Mature effectiveness and efficiency by improving processes, tooling, and documentation.
• Collaborate with security leadership to execute business aligned, risk reduction roadmaps.
• Own execution and prioritization across projects and operations, using agile delivery practices.
• Shape work scope, sequencing, and success criteria in line with department and company needs.
• Enhance tooling, automation, and integrations to improve visibility and reduce manual effort.
• Perform daily alert investigation and response in a cloud-native and traditional environment.
• Investigate and lead teams responding to incidents of varying sizes and complexities
• Define roles and make hiring decisions to grow the team in line with department needs.
• Remain hands on, balancing technical leadership with direct response work.
• Communicate risks and technical concepts with clarity to leadership and stakeholders.
• Define and maintain metrics to measure impact, optimize execution, and guide investment.
• Accelerate adoption of AI, balancing practicality enablement, and risk management.
• Facilitate incident training, including table top exercises.
• Lead and refine detection engineering, including the creation and upkeep of threat detections.
• Collaborate on threat models by incorporating detection use cases into designs.
• Identify systemic issues and collaborate on approaches to address root causes.
• Compose high-quality incident and threat reports for executives.
• Provide insights and input on tool selection to help grow our cybersecurity portfolio.
• Ensure all end users receive delightful and informative interactions with Security.

• 6+ years experience in security operations, including alert triage and investigation
• 4+ years conducting large scale incident response activities with 2+ years leading
• 2+ years managing people and security operations teams.
• Comfort operating in ambiguity, balancing strategic thinking, security, and practicality.
• Ability to support occasional off-hours incident response efforts
• Expertise in attacker techniques in cloud-native and traditional environments.
• Hands-on experience owning security technologies (e.g., EDR, AntiVirus, etc.)
• Expertise in AWS audit and security services to investigate cloud centric threats
• Expert usage, data onboarding, and data administration within Splunk
• Mastery of investigation methods and capable of handling complex and ambiguous cases
• Practical experience with cross-platform and hybrid environment investigations
• Ability to perform detailed host analysis on Mac, Windows, & Linux systems
• Proficient in correlating patterns across assets and environments to support investigation.
• Incident lifecycle master with ability to cohesively manage simultaneous workstreams
• Ability to make tactical and fundamental recommendations to improve security
• Ability to design large-scale threat detection using diverse technologies and data sets
• Skilled in evaluating quantitative and qualitative effectiveness of security measures
• Familiarity with modern engineering and detection engineering practices
• Passion for solving complex security problems in innovative and scalable ways
• A drive for change through continuous improvement
• Capable of working independently but possesses a collaborative mindset
• Ability to work in a fast-paced environment, often juggling multiple projects
• Experience working independently and as part of a team

This position is not eligible for visa sponsorship. Applicants must be authorized to work without the need for visa sponsorship by the start date of employment. 

#LIremote