The Role
The Director of Cybersecurity leads API's global cyber defense program, overseeing security operations, incident response, and cloud security management across AWS and Azure, while also developing metrics and team capabilities.
Summary Generated by Built In
Overview
The Director of Cybersecurity will lead API’s global cyber defense program, reporting to the SVP and CISO. This leader is accountable for security operations, threat detection, and incident response — and for building resilient defenses across API’s applications, infrastructure, networks, and cloud environments.
A critical focus is cloud security. The Director will manage API’s security posture in AWS and Azure, embed security into product development, and lead the SOC MSSP partnership. This role requires deep technical expertise, executive-level communication, and the ability to translate threat intelligence into action.
Key Responsibilities
Technical Skills
Leadership & Competencies
Education & Certifications
Compensation:
$170,000 - $190,000 USD, Commensurate with experience.
The Director of Cybersecurity will lead API’s global cyber defense program, reporting to the SVP and CISO. This leader is accountable for security operations, threat detection, and incident response — and for building resilient defenses across API’s applications, infrastructure, networks, and cloud environments.
A critical focus is cloud security. The Director will manage API’s security posture in AWS and Azure, embed security into product development, and lead the SOC MSSP partnership. This role requires deep technical expertise, executive-level communication, and the ability to translate threat intelligence into action.
Key Responsibilities
- Cyber Defense & Threat Intelligence: Own API’s cyber defense strategy across threat intelligence, detection, incident response, and product fraud and abuse. Translate adversarial research into actionable controls, detection rules, and response procedures.
- SOC Operations: Lead and manage the SOC MSSP, ensuring 24x7x365 monitoring, investigation, and response. Set performance standards, drive operational accountability, and continuously improve SOC effectiveness.
- Cloud Security: Manage API’s cloud security posture across AWS and Azure, applying defense-in-depth best practices to protect cloud-native and hybrid environments.
- Security Engineering Partnership: Partner with engineering to embed security into product development from the ground up — ensuring secure-by-default practices across cloud-hosted workloads and applications.
- Incident Response: Lead containment, recovery, and postmortem activities for security incidents. Establish measurable benchmarks to track program maturity and drive continuous improvement.
- Frameworks & Architecture: Apply NIST, MITRE ATT&CK, and the Cyber Kill Chain to guide security architecture, detection strategy, and response procedures. Maintain current security architecture diagrams and documentation.
- Metrics & Reporting: Develop and maintain scorecards that measure SOC effectiveness and organizational risk. Report regularly to security and business leadership with clear, actionable insights.
- Automation & Innovation: Identify and implement automation technologies to improve threat detection, prevention, and response at scale.
- Team Development: Empower and develop SOC analysts and team members, fostering a culture of accountability, continuous learning, and strong cybersecurity practice.
- SOC performance metrics demonstrate measurable improvements in mean time to detect (MTTD) and mean time to respond (MTTR).
- Cloud security posture scores improve consistently in AWS and Azure environments.
- Security is embedded into the product development lifecycle with no critical vulnerabilities at release.
- Incident response playbooks are documented, tested, and continuously refined.
- High team engagement and development of SOC analyst capabilities.
- Security risks are communicated clearly to executive leadership with actionable recommendations.
- 7–10+ years of progressive cybersecurity experience, with demonstrated leadership in security operations, threat detection, and incident response.
- Proven track record managing a SOC or MSSP relationship, including 24x7 operational oversight and performance management.
- Hands-on experience with AWS and Azure, including cloud security posture management and securing cloud-native and hybrid environments.
- Strong background in threat intelligence and adversarial techniques, applying frameworks such as NIST, MITRE ATT&CK, and the Cyber Kill Chain.
- Experience developing security metrics and scorecards for both operational teams and executive leadership.
- Proven ability to lead incident response from containment through postmortem, with measurable program improvement benchmarks.
- Background in security engineering and architecture — particularly designing defensible systems — is a plus.
Technical Skills
- Working knowledge of CASB, SASE, firewalls, VPN, IDS, endpoint security, DLP, EDR/AV, and SIEM.
- Strong experience with Microsoft O365 security capabilities and administration.
- Familiarity with automation technologies supporting threat detection, prevention, and response.
Leadership & Competencies
- Proven ability to lead, develop, and motivate technical teams including SOC analysts.
- Communicates effectively at staff and executive levels — translating complex security risks into clear business context.
- Balances security requirements with business operations and innovation, building credibility across technology and business units.
- Organized, efficient self-starter capable of managing multiple priorities with minimal supervision.
Education & Certifications
- Bachelor’s degree in Cybersecurity, Computer Science, MIS, or equivalent experience; Master’s degree desirable.
- Preferred certifications (not required): GSEC, GCIA, GCIH, GCFE, GCFA, CISSP, CISM, or CISA.
Compensation:
$170,000 - $190,000 USD, Commensurate with experience.
Skills Required
- 7-10+ years of progressive cybersecurity experience
- Proven track record managing a SOC or MSSP relationship
- Hands-on experience with AWS and Azure
- Strong background in threat intelligence and adversarial techniques
- Experience developing security metrics and scorecards
- Proven ability to lead incident response from containment
- Background in security engineering and architecture
- Bachelor's degree in Cybersecurity, Computer Science, MIS or equivalent
- Preferred certifications: GSEC, GCIA, GCIH, GCFE, GCFA, CISSP, CISM, or CISA
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
As the worldwide leader in crew accommodation solutions for over 35 years, API uses proprietary technology, unique software solutions, and our highly experienced team to make sure over 20,000 crew members from more than 90 airlines rest comfortably every night. API’s end-to-end technology platform will transform the way airlines manage crew travel. o Mobile platform, MyCrewCare o Sourcing & Contracting o Crew Planning o Daily Operations & IROPS o Distressed Passenger o Billing & Reconciliation o Business Analytics Offering global support with 24 locations worldwide & Operations Centers in New York, Hong Kong, London and Sao Paolo –making API the only accommodation partner with global teams ready and able to assist 24/7. Visit www.apiglobalsolutions.com to learn more or send us a LinkedIn message!
