latchhire

Director, Security Engineering & Operations

Payscale · Remote-Canada, Remote-United States
Remote · US$182–274kNew lead security engineer
Apply on Payscale →
About Payscale Payscale is the pioneer of compensation intelligence, helping organizations make smarter pay decisions that drive business performance. For more than 20 years, Payscale has combined trusted market data with AI-powered technology to deliver actionable insights that turn pay from a cost into a catalyst for growth. The Payscale Intelligence Cloud portfolio of solutions — Ascent, JobNav, and Paycycle — empower top companies and businesses like Cintas, Leidos, Chipotle, Ohio State University, and TJX Companies. Create confidence in your compensation. Payscale. To learn more, visit www.payscale.com . Job Summary The Director, Security Engineering & Operations directs, manages, and leads Payscale’s Security Engineering and Eecurity Operations functions. This is a hands-on leadership role: the Director sets strategy and manages the team while remaining directly engaged in architecture, tooling, automation, and incident command. Responsibilities span the design and hardening of security controls, threat detection and incident response, vulnerability and exposure management, endpoint and identity protection, and security automation across Payscale’s corporate, cloud, and hosting environments. The Director owns Payscale’s MDR relationship and is accountable for the maturity, performance, and roadmap of both functions. This role reports to the CISO, VP - Cybersecurity & Enterprise Technology. What You'll Do Leadership & People Management Direct, manage, and lead the security engineering and security operations team members; own hiring, onboarding, performance reviews, and career development plans aligned to Payscale’s Information Security Career Ladder Set strategy and quarterly/annual objectives for both functions and translate them into a prioritized, measurable roadmap; hold regular 1:1s and team connects to maintain a high-performance, feedback-rich culture Mentor engineers and analysts at all career levels, providing task-based directives, technical coaching, and growth-oriented feedback Own the on-call rotation and after-hours escalation path across both functions, ensuring coverage for time-sensitive detection and response Serve as a working leader — remaining hands-on in engineering, architecture, and incident response rather than leading solely through delegation Security Engineering Own the design, implementation, and continuous hardening of security controls across corporate, cloud, and hosting environments Build and maintain security automation and integrations — SOAR, detection-as- code, and infrastructure-as-code guardrails — to scale coverage without adding headcount Engineer and operate the security tooling stack (EDR/XDR, SIEM, identity protection, DLP/CASB, vulnerability scanning), ensuring platforms are well- integrated and meet architectural standards Partner with Engineering and Infrastructure to embed “secure by design” into CI/CD, cloud architecture, and product development Drive adoption of a zero-trust methodology across identity, endpoint, network, and application layers Lead security engineering for enterprise AI and agentic tooling adoption, building controls and guardrails for safe internal use Security Operations & Incident Response Drive the threat detection and incident response capability: detection engineering, playbook development, tabletop exercises, and continuous improvement of MTTA/MTTR metrics Lead or oversee incident response events as the designated incident manager for significant or multi-team incidents, running incident command end-to-end Own the MDR relationship, holding the provider accountable to SLAs, coverage, and response outcomes Extend detection and response to secure enterprise AI and agentic tooling adoption Vulnerability & Exposure Management Own the vulnerability and exposure management function across all corporate and hosting environments, coordinating cross-functionally on mitigation and remediation with clear SLAs Expand security monitoring, visibility, and coverage using existing platforms and open-source tooling Program, Metrics & Stakeholder Engagement Own the security engineering and operations portion of the Information Security program roadmap, delivering operational metrics, risk-posture data, and capacity analysis Establish and report security KPIs to technology and executive leadership on a regular cadence Collaborate with the GRC team on ISO 27001 and SOC 2 evidence, control effectiveness, and audit readiness as it relates to security engineering and operations Lead technical evaluations of emerging security vendors and technologies; provide buy/build/partner recommendations to technology management Represent security engineering and operations in cross-functional product, engineering, and infrastructure initiatives, ensuring security requirements are incorporated by design What We're Looking For 10+ years in information security, including 4+ years in a lead or management role across security engineering and/or security operations functions Proven people-management track record: direct reports, performance cycles, and team development in a security context Expert, hands-on knowledge of both security engineering (controls design, automation, tooling integration) and security operations (detection, incident response) — capable of acting as architect, engineer, incident handler, lead, and manager Experience with the CrowdStrike Falcon platform (EDR, Identity Protection, Data Protection, AIDR, ZTA, Exposure Management) and SIEM/SOAR orchestration Demonstrated experience owning or managing an MDR or MSSP vendor relationship Strong foundation in cloud security (AWS preferred), endpoint security, identity and access management, and zero-trust architecture Strong experience in vulnerability and exposure management and mitigation/remediation strategies Scripting and automation ability in PowerShell, Python, or Bash; comfortable with detection-as-code and infrastructure-as-code approaches Experience with the MITRE ATT&CK framework and the ability to map operational data to TTPs for structured threat analysis Experience building operational, engineering, and vulnerability metrics and management reporting, and driving improvement through a regular reporting cadence Experience with zero-trust networks and platforms such as Cloudflare, Zscaler, or AppGate Experience with Data Loss Prevention and CASB architectures and tooling such as Forcepoint, Netskope, or Zscaler Familiarity with SOAR and automation platforms such as Tines, n8n, or Ansible Nice to Have Certifications such as CISSP or CISM Experience in a remote-first SaaS and/or PE-backed environment Location Payscale has an employee centric remote-first model that provides you the flexibility to do your best work in a space that supports you, while also finding time to collaborate in person for the moments that matter. In our remote-first model, employees can work from the location that works best for them. We do not have centralized corporate offices. Employees can choose to work from home, in company-paid co-working spaces, or any combination of the two that best suits their unique needs. If you work from home, we recommend ensuring that you can meet the following technology, equipment and workspace requirements: High-Speed Internet - A stable broadband or fiber connection (satellite is highly discouraged) with a minimum speed of 100 Mbps in a dedicated workspace that has a reliable Wi-Fi signal. Device for Multifactor Authentication (MFA/2FA) - smartphone, tablet, etc. When it matters (usually no more than a few times a year) we take the time to gather for in-person events. Payscale has employees across the US, Canada, UK, The Philippines and Romania however we are currently unable to hire in the Quebec Province, Northern Ireland, and Hawaii. Benefits and Perks All around awesome culture where together we strive to live our 5 values: Data informed decision making. Customer first. Always. Succeed together. Relentless about results. Obsessed with excellence. Lead the change. Shape the standard. An open and inclusive environment where you’ll learn and grow through programs and resources like: Monthly company All Hands meetings Regular opportunities for executive leadership exposure through things like AMAs Access to continued learning & development opportunities Our commitment to a continuous feedback culture which allows us to drive performance and career growth A growing network of Employee Resource Groups Company sponsored volunteer hours And more! Our more standard benefits(US) Flexible paid time off, giving you the opportunity to rest, relax and recharge away from work 14 Paid Company Holidays, includes 2 floating holidays (you choose!) A comprehensive benefits plan including medical, dental, life, vision, disability, and life insurance covered up to 100% by Payscale Unlimited infertility coverage benefits through our medical plans Additional supplemental health benefits offered to you and your family 401(k) retirement program with a fully vested immediate company match 16 weeks of paid parental leave for birthing and non-birthing parents Health Savings Account (HSA) options and company contributions each pay period Flexible Spending Account (FSA) options for pre-tax employee allocations Annual remote work stipend to be used on wellness or home office equipment Our more standard benefits (Canada) Holiday – Annual accrual for full time and part time employees Sick Pay – Annual paid time off available Company Paid and Statutory Holidays – Generous time off provided 16 weeks of paid parental leave (top off) for birthing and non-birthing parents Life Insurance - Basic life and AD&D benefit Long term disability & Critical Illness – Coverage for certain types of illnesses and surgeries Medical/Rx, Dental, Telehealth – Coverage for prescription, paramedical, medical supplies, emergency, basic and accidental dental, and virtual health care services Health/Wellness Spending Account – Annual amount provided to you and your family for approved expenses RRSP offered to employees with a 1:1 match up to 4% BenefitHub – Discount marketplace, full access to all your benefits and provider portals Annual remote work stipend to be used on wellness or home office equipment Equal Opportunity Employer: We embrace equal employment opportunity. Payscale is committed to a policy of equal employment opportunity for all applicants and employees. It is our policy that employees will not be subjected to unlawful discrimination on the basis of race, color, religion, sex, age, national origin, or ancestry, physical or mental disability, veteran or military status, marital status, sexual orientation, political ideology, and any other basis protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including but not limited to: recruitment, hiring, transfers, promotions, training, discipline, termination, compensation and benefits, performance appraisals, education, and social and recreational programs. We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you. If you have a disability or impairment and need assistance with the application process, please email recruiting@payscale.com for support. Fraud Alert: Payscale values security and privacy. During your job application and interview process, we will never ask for your personal banking or financial information, social security number, or other sensitive information, if you are unsure if a message is from Payscale, please email recruiting@payscale.com
Posted 2026-07-16