Director, Head of Detection & Response

Blue Bell, PA
In-Office
Senior level
Information Technology
The Role
The Director Cybersecurity Leader oversees cybersecurity policies, threat management, incident response, and integrates security into technology development and projects.
Summary Generated by Built In

About the Team

The Unisys Detection & Response team, under Global Security Operations, is responsible for threat detection and incident response for Unisys. This organization is a peer to Attack Surface Management, Identity & Access Security, and Intel & Offensive Security. This team will have services like 24x7 Triage, Investigation, Incident Response, Threat Hunting, Insider Threat, etc. This also includes FSO, which manages the clearance processes for federal projects.

What success looks like in this role:

1. Structure the team with a function/service/capability model. Identify the RACI and key metrics for each service.

2. Increase the talent density within the team through professional development and people management.

3. Operationalize the Security Incident Response Plan for the organization and integrate it into the crisis management plan.

4. Implement a Detection Response Platform with clear program health metrics.

5. Increase the Investigation and IR coverage to 24x7 and build an in-house team.

6. Reestablish advanced hunting within the existing IR team.

7. Lead the FSO and manage the assigned officers. Manage certifications and obligations from agencies.

Key Responsibilities:

Strategic Leadership -

· Develop and implement a comprehensive detection and incident response strategy aligned with the organization's risk tolerance, regulatory requirements, and industry best practices.

· Provide strategic direction and vision for the Detection & Incident Response team, setting clear objectives, priorities, and performance metrics.

· Collaborate with senior leadership, IT teams, and other stakeholders to integrate cybersecurity incident response into other business processes.

Threat Detection -

· Platform Implementation: Working experience with Google SecOps, Cribl, Splunk, etc. Detection engineering experience with SOC Prime and similar tools. UEBA for insider threat.

· Configuration and Optimization: Oversee the configuration and fine-tuning of the selected platforms to achieve optimal performance in threat detection while minimizing false positives, enhancing the overall effectiveness of the cybersecurity infrastructure.

· Integration and Automation: Establish seamless integration between the threat detection platform and existing security tools, such as SIEM and EDR solutions, enabling enhanced visibility and automated response capabilities to rapidly mitigate emerging threats and security incidents.

Incident Response Management:

· Establish and maintain a robust incident response framework, including incident classification, escalation procedures, communication protocols, and coordination with internal teams and external partners.

· Serve as the primary point of contact for all cybersecurity incidents, liaising with relevant stakeholders, including legal, privacy, ethics & compliance, communications, and law enforcement agencies as necessary.

· Provide leadership and guidance to the incident response team during high-pressure situations, ensuring a coordinated and effective response effort.

Team Development & Training -

· Recruit, mentor, and develop a high-performing team of detection and incident response professionals, fostering a culture of collaboration, innovation, and continuous learning.

· Conduct regular training exercises, tabletop simulations, and knowledge sharing sessions to enhance the team's skills, preparedness, and resilience in responding to emerging threats and attack scenarios.

You will be successful in this role if you have:

· Bachelor's degree in Computer Science, Information Security, or related field (Master's degree preferred).

· 15+ years of experience, with 8+ in a leadership role within cybersecurity, with a focus on threat detection, response, and management.

· Deep technical expertise in cybersecurity tools, technologies, and methodologies, threat intelligence, and forensic analysis.

· Strong understanding of regulatory requirements, compliance standards (e.g., GDPR, PCI DSS), and industry frameworks (e.g., NIST Cybersecurity Framework, ISO 27001).

· Excellent communication, leadership, and interpersonal skills, with the ability to influence stakeholders from engineers to senior executives.

· Experience successfully managing complex cybersecurity incidents and leading cross-functional response teams in a fast-paced environment.

· US citizen willing to go through the clearance process or already holding a clearance.

This role may require access to export-controlled commodities and technology. Therefore, to conform to U.S. export control regulations, applicants should be eligible for any required authorizations from the U.S. Government.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at [email protected] or alternatively Toll Free: 888-560-1782 (Prompt 4). US job seekers can find more information about Unisys’ EEO commitment here.

Top Skills

Cyber Risk
Cybersecurity
Forensic Analysis
Incident Response
Threat Management

The Company
Albany, NY
22,588 Employees

What We Do

Unisys is a global information technology company that builds high-performance, security-centric solutions for the most demanding businesses and governments on Earth. Unisys offerings include security software and services; digital transformation and workplace services; industry applications and services; and innovative software operating environments for high-intensity enterprise computing. We build better outcomes securely for our clients across the Government, Financial Services and Commercial
