Cybersecurity Operations & Incident Response Manager jobs in United States

Coastal · 1 day ago

Cybersecurity Operations & Incident Response Manager

Coastal is at the forefront of modern banking, combining strong financial infrastructure with cutting-edge Banking-as-a-Service (BaaS) and fintech enablement strategies. The Cybersecurity Operations & Incident Response Manager will build and run Coastal’s 24×7 security operations capability, leading security monitoring, incident response, detection engineering, and vulnerability management.

Financial Services

Responsibilities

Stand up and lead a lean, highly efficient, and automation-driven Security and Threat Operations team, including hiring, coaching, and career development of analysts and engineers
Establish operating rhythms (standups, metrics reviews, post-incident retrospectives) and standard operating procedures for response, containment, eradication, and recovery
Build and maintain a Security and Threat Operations strategy in coordination with the CISO and other stakeholders, including software engineering, data engineering, and IT
Develop and report on KPIs and KRIs for the Security and Threat Operations function
Align SecOps processes to FFIEC/GLBA expectations and industry frameworks (NIST CSF and Cyber Risk Institute Profile)
Prepare evidence for audits/exams; provide clear, actionable metrics and board-level reporting on SOC performance, incident trends, control coverage, and risk reduction
Partner with Legal, Compliance, Privacy, and Third-Party Risk on obligations and notifications
Coach analysts on analytical rigor, bias reduction, and structured investigations
Promote a blameless, learning-oriented culture that prizes speed, accuracy, and craftsmanship
Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high-fidelity detections across the entire technology landscape, including but not limited to:
  Core technology infrastructure: Active Directory Domain Services, Entra ID, Okta, Azure control plane, Zscaler, Windows and macOS endpoints, hybrid network
  Productivity/G&A systems: M365, SaaS
  Business-specific systems: Azure IaaS/PaaS services, custom-developed API services, banking core, financial ledger and reporting systems
Coordinate with Engineering and IT to build detection engineering into system development lifecycle
Develop, test, and maintain detection content (e.g., KQL/Sigma), alert routing, and enrichment pipelines that reduce noise and increase true-positive rates
Integrate threat intelligence (strategic, operational, and technical) into detections and response workflows
Serve as incident response commander for high-severity incidents; coordinate cross-functional responders in Infrastructure, IT, Engineering, Legal, and Compliance
Build, maintain, and continuously improve standard operating procedures (SOPs), runbooks, and playbooks
Maintain and exercise incident response plans through tabletop and similar activities
Mature evidence handling, forensics workflows, and case management; ensure accurate timelines and regulator-ready documentation
Drive post-incident reviews with measurable corrective actions (people/process/technology) and executive readouts
Own the vulnerability management lifecycle, ensuring coverage of vulnerability discovery, triage, and management across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs
Prioritize remediation using risk-based scoring and exploit intelligence
Track configuration and identity hygiene (e.g., privileged accounts, conditional access, MFA coverage, device compliance) and partner with owners to close gaps
Build and mature a threat hunting and purple team function as part of the overall Security & Threat Operations maturation roadmap
Lead day-to-day oversight of the third-party SOC: queue hygiene, case quality, SLAs, runbook adherence, and continuous tuning to our environment
Ensure vendor tooling integrations, data retention, and access are compliant with Coastal policies and regulatory expectations

Qualification

Cybersecurity Operations
Incident Response
SIEM/SOAR expertise
Vulnerability Management
Detection Engineering
Forensics
Cloud Services
Third-party SOC Management
Scripting/Automation
Analytical Skills
Communication Skills
Team Leadership

Required

Demonstrated success operating in hybrid environments spanning on-prem AD, Entra ID (Azure AD), Okta, Azure, Microsoft 365, Zscaler, and containerized workloads/APIs
Hands-on expertise with SIEM/SOAR, EDR, log pipelines, and detection content development including tuning and QA
Proven incident commander for high-impact events; adept with forensics, scoping, containment, and executive communication
Strong vulnerability management leadership across technology areas, including risk-based prioritization and remediation orchestration
Familiarity with MITRE ATT&CK, cyber kill chain, and threat-led validation (purple teaming)
Experience managing outsourced SOC/MSSP providers with measurable improvements to signal quality and response times
Excellent communication skills: able to translate technical risks into business terms and influence across stakeholders
Familiarity with scripting or automation tools (e.g., Python, TypeScript) to streamline operations processes
8+ years in Security Operations, Incident Response, Detection Engineering, or Threat Hunting
3+ years leading teams or programs
Bachelor's degree in Information Security, Computer Science, or related field, or equivalent practical experience

Preferred

Prior experience in a regulated environment (finance, healthcare, etc.) is strongly preferred

Company

Coastal

At Coastal, we are redefining the banking experience through innovative embedded finance solutions tailored for the modern marketplace.

Funding

Current Stage
Growth Stage

Leadership Team

Danica Hudson
SVP, Head of Enterprise Partnerships & Payments

Erika Heer
Executive Vice President, Chief Human Resources Officer
Company data provided by crunchbase