Detection and Response Manager

Posted 2 Days Ago
New York, NY, USA
In-Office
Senior level
Energy
The Role
Lead and build a Detection and Response team as Tier 3 escalation for IT and OT CSOC. Drive detection engineering, threat hunting, SIEM/SOAR use cases, incident response playbooks, tabletop testing, and AI-driven detection pilots. Improve MTTD/MTTR, reduce false positives, and transition capabilities to the CSOC while partnering across security, engineering, and operational stakeholders.
Summary Generated by Built In

The Detection and Response Manager will build, lead, and continuously mature the Detection and Response Team, serving as Tier 3 support for Con Edison's IT and OT Cybersecurity Operations Center (CSOC). This role is responsible for advanced threat detection, incident escalation, and enterprise-wide incident response.

Reporting to the Director of Cybersecurity Operations, the manager will establish a new team that functions as the primary escalation path for the CSOC, advances detection engineering maturity, and conducts proactive threat hunting across the enterprise. The role also influences front-line CSOC effectiveness by delivering validated detections, well-defined playbooks, and targeted training to ensure consistent and confident execution.

This position partners closely with Security Engineering, the CSOC, Offensive Security, Corporate Security, and the ETS team to strengthen and evolve how threats are identified and responded to across the organization. As Con Edison continues to invest in technologies such as cloud platforms, containers, AI, and OT environments, the scope of this role includes maturing detection and response capabilities across both existing and emerging technologies. This includes enhancing incident response processes and expanding SIEM and SOAR use cases to support business growth and resilience.

The Detection and Response Manager ensures the development of repeatable procedures, validation of detections through realistic scenarios, effective training of stakeholder teams, and seamless transitions of new capabilities to the CSOC. The ultimate objective is to strengthen Tier 1 and Tier 2 operations, enabling faster response times, higher confidence, and improved security outcomes.

Responsibilities

Core Responsibilities
  • Build and lead the Detection and Response Team.
  • Operate as the escalation path for high-complexity alerts, suspected incidents, and root cause investigations, supporting both IT and OT CSOC workflows.
  • Improve the end-to-end response lifecycle, including alert triage, investigation, containment, remediation coordination, lessons learned and documentation.
  • Partner with Security Engineering to develop and mature detection use cases, including tuning detections for low false positives and high signal quality.
  • Lead continuous threat hunting by regularly scanning telemetry and investigation outputs to find stealthy attacker behavior and emerging patterns across IT and OT.
  • Lead campaign-based threat hunting by defining hypotheses, objectives, and success criteria with stakeholders, then running time-bound hunts aligned to risk, new threats, and specific business systems.
  • Identify opportunities across the business where cybersecurity requirements were not implemented, were not consistently enforced, or were misaligned to risk, and work with stakeholders to close those gaps.
  • Collaborate with Offensive Security and threat intelligence stakeholders to incorporate new findings into detections, detection engineering, and response improvements.
  • Own the end-to-end lifecycle and continuous improvement of SIEM and SOAR use cases, spanning alert enrichment, case management, automated response actions, and orchestration.
  • Develop and improve incident response processes, including playbook development, scenario testing, tabletop exercises and after-action reviews.
  • Guide capability transitions to the CSOC by ensuring detections and response procedures are documented, trained, tested and ready for steady state operations.
  • Establish measurable performance targets and an operating rhythm, including metrics such as mean time to detect, mean time to respond, investigation throughput, false positive rates and impact from tuning or automation.
  • Evaluate, pilot, and operationalize AI-driven detection and response tools and technology (e.g., anomaly detection, alert summarization/enrichment, and automated triage) to reduce false positives and accelerate MTTD/MTTR.
Qualifications

Required Education/Experience
  • Bachelor's Degree and 8 years of relevant work experience or
  • Master's Degree and 6 years of relevant work experience.
Preferred Education/Experience
  • Master's Degree, with majors preferred in IT, computer science, business administration, engineering, or decision sciences (including mathematics, analytics, and quantitative methods), and 6 years of relevant work experience.
Relevant Work Experience
  • Leadership experience in cybersecurity operations, detection engineering, or incident response, including building and maturing teams, required.
  • Hands-on experience designing, tuning, and validating detections across diverse data sources, with a track record of reducing false positives, required.
  • Deep hands-on experience with SIEM and SOAR platforms, including building correlation logic, case workflows, and automation playbooks, required.
  • Demonstrated experience leading hypothesis-driven threat hunts and converting findings into durable detections, required.
  • Experience operating in or alongside cloud security (AWS, GCP, Azure, or OCI) required.
  • Exposure to OT environments and a willingness to develop OT depth, including OT risk, telemetry, and operational constraints, required.
  • Experience developing and operationalizing playbooks, procedures, and training material, required.
  • Experience validating detections through tabletop exercises, purple team testing, and controlled scenarios, required.
  • Track record of improving operational metrics (MTTD, MTTR, false positive reduction), required.
  • Direct experience in OT or critical infrastructure environments preferred.
  • Experience partnering with offensive security or threat intelligence teams to translate findings into detections and response improvements preferred.
  • Experience evaluating and deploying AI-driven security tooling in a production environment preferred.
  • Strong working knowledge of MITRE ATT&CK, used to map detections, hunts, and coverage gaps, preferred.
  • Strong stakeholder management across security, engineering, and business teams, preferred.
Skills and Abilities
  • Effective leadership skills
  • Demonstrated problem solving skills
  • Demonstrated written communication skills
Licenses and Certifications
  • Driver's License, required.
  • Project Management Professional (PMP) training and/or certification in Project Management, preferred.
  • Other: Cybersecurity certifications such as CISSP, CISM, GCFA, GCIA, or GCFE, preferred.
Physical Demands
  • Sit or stand to answer a phone for the duration of the workday
  • Sit or stand to use a keyboard, mouse, and computer for the duration of the workday
  • Ability to read small print and symbols
Additional Physical Demands
  • The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
  • Must be able and willing to travel within Company service territory, as needed.
About Us

Mission Statement:

Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company’s mission by excelling at our three corporate priorities – safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.

Benefits:

We are dedicated to supporting the physical, mental, and financial health of our employees and their families. This commitment extends beyond the workplace to foster personal growth and holistic wellbeing. Our life-changing rewards package includes:

  • Rich medical & pharmacy benefits, including vision benefits
  • Dental benefits
  • Health Savings Accounts
  • Health Care and Dependent Care Flexible Spending Accounts
  • 401(k) with robust matching
  • Employer paid Pension Plan
  • Employee Stock Purchase Plan with a generous matching contribution
  • State of the art Employee Assistance Program
  • Paid Parental Leave
  • Generous paid time off plus paid holidays
  • Family support: emergency backup child and elder care assistance
  • Social responsibility and volunteer opportunities
  • Employee discount program
  • Commuter Benefits
  • Culture of growth and learning: career development; tuition reimbursement; recognition program
  • Life and Long-Term Disability Benefits

*Please be aware that some benefits may not apply to provisional or part-time job titles.

About the Team

EEO Statement:

Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) are equal opportunity employers. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of the individual’s actual or perceived disability, protected veteran status, race, color, creed, religion, sex, age, national origin, gender, gender identity, gender expression, genetic information, marital status, sexual orientation, citizenship, domestic violence victim status, or any other actual or perceived status protected by law.

Technical Difficulty Statement:

For technical issues, please contact us at [email protected]


The Company
HQ: New York, NY
7,742 Employees

What We Do

We provide power to more than 10 million people and businesses across NYC and Westchester. Reliability and accessibility are central to what we do and how we provide energy service. Leading the industry to power tomorrow is our other focus: we are committed to aggressively transitioning away from fossil fuels to a net-zero economy by 2050. To help achieve this we collaborate with customers, regulators, policymakers, engineers, and other stakeholders to ensure our clean energy future is informed by principles of affordability, equity, and environmental justice. We're also heavily investing in new technologies and the infrastructure that can get us there. What are a few things we have achieved so far?

  • Since 2009, our energy efficiency programs have prevented 11 million metric tons of carbon emissions, the same amount it would take to power 1.4 million homes for a year
  • We're currently the second largest producer of solar energy in North America
  • Recently, we've embarked on an 8-year project to make our systems more resilient in the face of extreme weather events