Job Description
At Armor, we are committed to making a meaningful difference in securing cyberspace. Our vision is to be the trusted protector and de facto standard that cloud-centric customers entrust with their risk. We strive to continuously evolve to be the best partner of choice, breaking norms and tirelessly innovating to stay ahead of evolving cyber threats and reshaping how we deliver customer outcomes. We are passionate about making a positive impact in the world, and we’re looking for a highly skilled and experienced talent to join our dynamic team. Armor has unique offerings to the market so customers can a) understand their risk b) leverage Armor to co-manage their risk or c) completely outsource their risk to Armor. Learn more at: https://www.armor.com SUMMARY* Armor is seeking a Security Operations and Incident Response Leader to serve as a hands-on leader and transformation agent for our Managed Services security operations function. This hybrid position is based in Plano, TX. Reporting to the Head of Professional Services, SecOps, and Customer Success, this role leads a team of security professionals located across the globe in delivering security operations, incident response consultation, and security tooling management to our managed security customers. This leader will drive the transformation of our SOC into a modern, agentic security operations center while maintaining operational excellence in triage, incident response, and security policy management. The role combines people leadership with strategic vision to deliver customer outcomes focused on security improvement, risk reduction, security resilience, and compliance. This role follows a hybrid schedule with in-office presence required three days per week (Tuesday–Thursday). ESSENTIAL DUTIES AND RESPONSIBILITIES (Additional duties may be assigned as required)* Team Leadership and Development Directly manage a team of Incident Response Consultants and Security Operations professionals, including performance management, career development, regular 1:1s, and goal-setting. Lead the upskilling and rapid professional development of team members, ensuring readiness for evolving security challenges and agentic workflows. Participate in recruiting new team members through a collaborative hiring process, including interviewing, evaluating candidates, and onboarding. Coach and mentor team members on technical skills, customer consultation techniques, and professional growth. Build and maintain a high-performance culture focused on customer outcomes, continuous improvement, and operational excellence. SOC Transformation and Modernization Lead the transformation of the SOC into a modern agentic security operations center, leveraging AI-augmented workflows and automation to enhance detection, response, and operational efficiency. Drive modernization initiatives across the security operations function, including process optimization, tooling enhancements, and capability development. Work cross-functionally to rapidly operationalize new security capabilities and integrate them into SOC responsibilities (e.g., CSPM, Defender for OT, Purview, and emerging platforms). Collaborate with Armor’s engineering team to evaluate, build, and implement emerging technologies including AI/ML-assisted detection, automated response, and cloud-native security tools. Work with engineering to design and optimize agentic AI processes that maintain human oversight, accountability, and security standards. Security Operations and Incident Response Oversee SOC triage operations, ensuring adequate coverage, quality, and consistent delivery of security monitoring and alerting services. Serve as senior escalation point for high-severity incidents, providing hands-on technical leadership through complex investigations and customer engagements. Manage security policy creation and maintenance across multiple platforms (AV, FIM, IDS, NGFW, EDR, WAF, etc.). Oversee security tooling management, ensuring proper configuration, optimization, and operational readiness. Conduct quality reviews of team deliverables including incident reports, customer recommendations, and detection content. Contribute to incident response playbook development, detection use-case creation, and consultation framework improvements. Customer Outcomes and Organizational Collaboration Evolve SOC operations to prioritize customer outcomes including security improvement, risk reduction, security resilience, and compliance achievement. Collaborate with the broader organization to ensure security operations capabilitie