Director, Security Engineering & Operations
PayScale · posted 5 hours ago
At a glance
- Salary
- $183k–$274k USD / year
- Location
- US only
- Posted
- Jul 16, 2026
- Auto-expires by
- Jul 23, 2026 (if not re-listed at source)
Remote Score for PayScale
PayScale hasn't been scored yet. Read the rubric at how we score.
About this role (from PayScale's posting)
ABOUT PAYSCALE
Payscale is the pioneer of compensation intelligence, helping organizations make smarter pay decisions that drive business performance. For more than 20 years, Payscale has combined trusted market data with AI-powered technology to deliver actionable insights that turn pay from a cost into a catalyst for growth. The Payscale Intelligence Cloud portfolio of solutions — Ascent, JobNav, and Paycycle — empower top companies and businesses like Cintas, Leidos, Chipotle, Ohio State University, and TJX Companies.
Create confidence in your compensation. Payscale.
To learn more, visit www.payscale.com http://www.payscale.com.
Job Summary
The Director, Security Engineering & Operations directs, manages, and leads Payscale’s
Security Engineering and Eecurity Operations functions. This is a hands-on leadership role:
the Director sets strategy and manages the team while remaining directly engaged in
architecture, tooling, automation, and incident command. Responsibilities span the design
and hardening of security controls, threat detection and incident response, vulnerability
and exposure management, endpoint and identity protection, and security automation
across Payscale’s corporate, cloud, and hosting environments. The Director owns
Payscale’s MDR relationship and is accountable for the maturity, performance, and
roadmap of both functions.
This role reports to the CISO, VP - Cybersecurity & Enterprise Technology.
What You'll Do
Leadership & People Management
- Direct, manage, and lead the security engineering and security operations team
members; own hiring, onboarding, performance reviews, and career development
plans aligned to Payscale’s Information Security Career Ladder
- Set strategy and quarterly/annual objectives for both functions and translate them
into a prioritized, measurable roadmap; hold regular 1:1s and team connects to
maintain a high-performance, feedback-rich culture
- Mentor engineers and analysts at all career levels, providing task-based directives,
technical coaching, and growth-oriented feedback
- Own the on-call rotation and after-hours escalation path across both functions,
ensuring coverage for time-sensitive detection and response
- Serve as a working leader — remaining hands-on in engineering, architecture, and
incident response rather than leading solely through delegation
Security Engineering
- Own the design, implementation, and continuous hardening of security controls
across corporate, cloud, and hosting environments
- Build and maintain security automation and integrations — SOAR, detection-as-
code, and infrastructure-as-code guardrails — to scale coverage without adding
headcount
- Engineer and operate the security tooling stack (EDR/XDR, SIEM, identity
protection, DLP/CASB, vulnerability scanning), ensuring platforms are well-
integrated and meet architectural standards
- Partner with Engineering and Infrastructure to embed “secure by design” into
CI/CD, cloud architecture, and product development
- Drive adoption of a zero-trust methodology across identity, endpoint, network, and
application layers
- Lead security engineering for enterprise AI and agentic tooling adoption, building
controls and guardrails for safe internal use
Security Operations & Incident Response
- Drive the threat detection and incident response capability: detection engineering,
playbook development, tabletop exercises, and continuous improvement of
MTTA/MTTR metrics
- Lead or oversee incident response events as the designated incident manager for
significant or multi-team incidents, running incident command end-to-end
- Own the MDR relationship, holding the provider accountable to SLAs, coverage,
and response outcomes
- Extend detection and response to secure enterprise AI and agentic tooling
adoption
Vulnerability & Exposure Management
- Own the vulnerability and exposure management function across all corporate and
hosting environments, coordinating cross-functionally on mitigation and
remediation with clear SLAs
- Expand security monitoring, visibility, and coverage using existing platforms and
open-source tooling
Program, Metrics & Stakeholder Engagement
- Own the security engineering and operations portion of the Information Security
program roadmap, delivering operational metrics, risk-posture data, and capacity
analysis
- Establish and report security KPIs to technology and executive leadership on a
regular cadence
- Collaborate with the GRC team on ISO 27001 and SOC 2 evidence, control
effectiveness, and audit readiness as it relates to security engineering and
operations
- Lead technical evaluations of emerging security vendors and technologies; provide
buy/build/partner recommendations to technology management
- Represent security engineering and operations in cross-functional product,
engineering, and infrastructure initiatives, ensuring security requirements are
incorporated by design
What We're Looking For
- 10+ years in information security, including 4+ years in a lead or management role
across security engineering and/or security operations functions
- Proven people-management track record: direct reports, performance cycles, and
team development in a security context
- Expert, hands-on knowledge of both security engineering (controls design,
automation, tooling integration) and security operations (detection, incident
response) — capable of acting as architect, engineer, incident handler, lead, and
manager
- Experience with the CrowdStrike Falcon platform (EDR, Identity Protection, Data
Protection, AIDR, ZTA, Exposure Management) and SIEM/SOAR orchestration
- Demonstrated experience owning or managing an MDR or MSSP vendor
relationship
- Strong foundation in cloud security (AWS preferred), endpoint security, identity and
access management, and zero-trust architecture
- Strong experience in vulnerability and exposure management and
mitigation/remediation strategies
- Scripting and automation ability in PowerShell, Python, or Bash; comfortable with
detection-as-code and infrastructure-as-code approaches
- Experience with the MITRE ATT&CK framework and the ability to map operational
data to TTPs for structured threat analysis
- Experience building operational, engineering, and vulnerability metrics and
management reporting, and driving improvement through a regular reporting
cadence
- Experience with zero-trust networks and platforms such as Cloudflare, Zscaler, or
AppGate
- Experience with Data Loss Prevention and CASB architectures and tooling such as
Forcepoint, Netskope, or Zscaler
- Familiarity with SOAR and automation platforms such as Tines, n8n, or Ansible
Nice to Have
- Certifications such as CISSP or CISM
- Experience in a remote-first SaaS and/or PE-backed environment
Location
Payscale has an employee centric remote-first model that provides you the flexibility to do your best work in a space that supports you, while also finding time to collaborate in person for the moments that matter.
In our remote-first model, employees can work from the location that works best for them. We do not have centralized corporate offices. Employees can choose to work from home, in company-paid co-working spaces, or any combination of the two that best suits their unique needs.
If you work from home, we recommend ensuring that you can meet the following technology, equipment and workspace requirements:
- High-Speed Internet - A stable broadband or fiber connection (satellite is highly discouraged) with a minimum speed of 100 Mbps in a dedicated workspace that ha