Manager of Cyber Defense Operations

JOIN THE TEAM THAT’S POWERING PROGRESS

Building cities. Driving commerce. Saving lives. For over 100 years, Allison Transmission has powered the vehicles and technology that move our world forward.
What powers us? Our employees. From the first person hired by James Allison in 1915 to the thousands across the globe who work for Allison today, we’re driving progress everywhere because we employ top talent worldwide.  

Learn more about this role and how you can begin driving your career forward!

Job Title:

Manager of Cyber Defense Operations

Pay Grade:

M3

Job Description:

The Manager of Cyber Defense Operations is responsible for leading and executing cybersecurity initiatives focused on incident response and proactive threat hunting. This role oversees a team of cybersecurity analysts and cybersecurity engineers, ensuring effective detection, analysis, and remediation of security incidents while aligning operations with compliance requirements and organizational objectives.

Key Responsibilities:

• Manage and coordinate the organization’s incident response efforts, ensuring timely detection, analysis, and resolution of security incidents, while taking a leading role in actual incident responses.
• Develop and implement proactive threat hunting strategies to identify and mitigate potential security threats before they escalate.
• Supervise the daily activities of the cybersecurity analysts and engineers, ensuring efficient operations and optimal resource allocation.
• Create, maintain, and update incident response plans, security policies, playbooks, and runbooks to align with industry best practices.
• Evaluate security risks and vulnerabilities within the organization's infrastructure and develop strategies and processes for remediation and improvement.
• Stay current with emerging threats and trends in cybersecurity, providing actionable intelligence to inform security operations.
• Identify, assess, and respond to IoCs (Indicators of Compromise) to enhance threat detection and inform incident response efforts.
• Mentor and support the professional growth of cybersecurity analysts and engineers, fostering a collaborative and high-performance team environment.
• Work closely with IT and compliance teams to ensure alignment on security initiatives, policies, and regulatory requirements.
• Define, track, and report key performance indicators (KPIs) and other outcome-driven metrics related to incident response, threat detection, vulnerability management, and overall cybersecurity effectiveness.
• Evaluate, select, and deploy cybersecurity tools and technologies that support incident response, threat defence, and threat hunting efforts.
• Lead and coordinate regular incident response exercises and training for the cybersecurity team to ensure readiness for real-world incident scenarios.
• Collaborate with Governance, Risk, and Compliance team during security audits and contribute to remediation efforts to address identified vulnerabilities and compliance gaps.
• Establish a continuous improvement framework for the cybersecurity operations team by regularly reviewing processes against threats and risks while identifying opportunities for enhancement.

Key Performance Measures:

• Average time taken to detect, analyze, and resolve security incidents, measured from the initial alert to final resolution.
• Percentage of identified threats successfully detected through proactive threat hunting initiatives, indicating the effectiveness of threat detection strategies.
• Percentage of alerts that are false positives compared to total alerts generated by security systems, assessing the accuracy of detection methodologies.
• Percentage of audit findings related to incident response and security posture that are resolved within defined timeframes.
• Number of documented updates to incident response plans, security policies, playbooks, and runbooks completed within the fiscal year to ensure they reflect current threats and best practices.
• Number and percentage of analysed IoCs that lead to actionable insights or incident response activities, demonstrating proactive threat management.
• Stakeholder communication effectiveness measured through regular feedback from executive management regarding clarity and effectiveness of communication on security risks and incident resolutions.
• Percentage of identified vulnerabilities that are remediated within defined timelines, indicating the effectiveness of the vulnerability management program.
• Number of vulnerability assessments conducted within a specified period (e.g., quarterly, or annually), reflecting proactive identification of weaknesses within the organization’s infrastructure.
• Average time taken to detect, analyze, and resolve security incidents, measured from the initial alert to final resolution.
• Percentage of identified threats successfully detected through proactive threat hunting initiatives, indicating the effectiveness of threat detection strategies.
• Percentage of alerts that are false positives compared to total alerts generated by security systems, assessing the accuracy of detection methodologies.
• Percentage of audit findings related to incident response and security posture that are resolved within defined timeframes.
• Number of documented updates to incident response plans, security policies, playbooks, and runbooks completed within the fiscal year to ensure they reflect current threats and best practices.
• Number and percentage of analysed IoCs that lead to actionable insights or incident response activities, demonstrating proactive threat management.
• Stakeholder communication effectiveness measured through regular feedback from executive management regarding clarity and effectiveness of communication on security risks and incident resolutions.
• Percentage of identified vulnerabilities that are remediated within defined timelines, indicating the effectiveness of the vulnerability management program.
• Number of vulnerability assessments conducted within a specified period (e.g., quarterly, or annually), reflecting proactive identification of weaknesses within the organization’s infrastructure.

Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related discipline. A master’s degree or relevant advanced certifications are preferred.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), SANS GCIH (GIAC Certified Incident Handler), Certified Information Security Manager (CIAM), or Offensive Security Certified Professional (OSCP) are highly valued.
• Strong verbal and written communication skills to effectively convey technical information to both technical and non-technical stakeholders, including executive management.
• Familiarity with relevant cybersecurity regulations and frameworks (e.g., NIST, ISO 27001, GDPR) to ensure compliance and effective risk management.
• Minimum of 3-5 years’ experience leading or managing cybersecurity operations and/or incident response team.
• 5+ years of experience in a technical role in the areas of Security Operation, Vulnerability Management, Incident Response, Detection Engineering, Offensive Security/Red Team, or Cyber Threat Intelligence.

Primary Location:

Indianapolis, IN

Additional Locations:

Allison Transmission is an equal opportunity employer. We have opportunities for all qualified applicants regardless of age, race, color, sex, religion, creed, national origin, disability, sexual orientation, gender identity/expression or veteran status.

If you are an individual with a disability or a disabled veteran requiring assistance and/or reasonable accommodations reviewing any of the careers information, please contact us at [email protected].

Please note that Allison Transmission will make an offer of employment only to individuals who have applied for a position using our official application. Be on alert for possible fraudulent offers of employment. Allison Transmission will not solicit money or banking information from applicants.