Sr SOC and IR Manager (Remote or On Site)

Crane Company
2 days ago
Full-time
Remote
United States

Do you enjoy building and leading high-performing teams while staying close to the work? Are you energized by transforming security operations, modernizing detection and response, driving automation, and partnering across the business to raise readiness? We are looking for a hands-on leader to help shape and run our SOC and incident response program at scale.

Crane is seeking a Senior Manager, Security Operations & Incident Response to lead our Security Operations Center and Incident Response (IR) program. This role helps to define the operating model, people leadership, and continuous improvement of our detection and response capabilities, partnering across Global Information Security, IT, and business teams to deliver security outcomes globally. This position reports to the CISO.

In this role, you will lead our global incident response program, related processes and technologies, and the US and international SOC teams. This is a hands-on leadership role: you will coach and develop analysts, strengthen investigation and response standards, and help evolve our security operations across endpoint, network, cloud, SaaS, and identity telemetry using automation and modern workflows to increase speed, consistency, and quality.

As a manager with global responsibilities for SOC and IR, you will bring a steady, practical approach under pressure and the ability to lead incident coordination across technical and non-technical stakeholders. You will be comfortable serving as an incident commander, making time-sensitive decisions, setting priorities, and guiding teams through investigation, containment, recovery, and follow-up improvements while communicating clearly with leadership throughout.

Core Function:

This role is responsible for leading our global SOC and the tools, processes, and people that enable effective detection and response. You will set direction for a modern SOC operating model, help mature response playbooks and standard work, and drive improvements in signal quality, analyst experience, and measurable outcomes.

In this capacity, you will lead the delivery of processes and standard work for the global security operations function. This includes detection engineering and tuning, playbook/runbook development, informed monitoring, and high-quality investigations across endpoint, network, cloud, SaaS, and identity sources. This is a very hands-on position: you will participate in threat hunting, guide deep-dive investigations, and ensure service levels, operational hygiene, and team outcomes are consistently met.

You will direct our use of SIEM, SOAR, and related platforms that power security operations, including integrations with identity, cloud, endpoint, and collaboration ecosystems. You will champion automation and orchestration to streamline triage and response, while thoughtfully adopting automation/AI workflows to accelerate analysis and decision-making with appropriate oversight.

As the ideal candidate, you must have a solid track record of results in successful security incident management and prior experience implementing automation to gain efficiencies, reduce errors, and increase the capacity of an enterprise incident response program.

You must have a strong desire to mature blue team tradecraft, to lead and mentor others, provide vision and strategic input, and to further your own development along the way.

This role carries the expectation to be a subject matter expert in security operations and incident response readiness. You will define and lead all phases of preparation, identification, containment, eradication, and recovery, and will influence overall Global Information Security program direction and approach. You will help develop and implement security operations processes, standard work, and policy-aligned procedures, and will be responsible for maintaining operational metrics, KPIs, and executive-ready reporting to measure effectiveness and drive continuous improvement.

You will work closely with the CISO, business leadership, Global InfoSec management, and IT leaders to strengthen incident preparedness and operational excellence. You will partner with Legal, Privacy, HR, and GRC to align response processes, evidence handling, and communications practices, and you will help plan and run exercises to keep teams ready. You will be expected to communicate effectively at all levels of the organization, be detail-oriented, and be focused on outcomes and measurable program goals. You must enjoy continuous improvement and have a genuine passion for security operations.

This is an opportunity to make a visible impact on a global program alongside a team that values curiosity, craftsmanship, and collaboration. If you enjoy building capabilities, mentoring talent, and modernizing how security operations works day to day, you will find meaningful work and the support to keep growing at a strong and growing organization.

Responsibilities and Duties:

  • Lead and continuously improve the SOC and incident response program, including operating model, standard work, and outcomes.
  • Serve as incident commander for high-severity investigations, coordinating cross-functional response and driving clear decisions, timelines, and communications.
  • Lead and develop a distributed team of analysts/engineers; build a strong culture of learning, quality, and operational excellence.
  • Own detection and response capability across endpoint, network, cloud, SaaS, and identity telemetry; improve signal quality and reduce noise through tuning and engineering.
  • Define, maintain, and test playbooks/runbooks and escalation paths; drive readiness through exercises and continuous improvement.
  • Drive automation and orchestration (SOAR) to streamline triage and response, integrate systems, and reduce manual effort.
  • Guide thoughtful adoption of AI-assisted workflows to accelerate investigations and reporting, with appropriate validation, governance, and analyst enablement.
  • Manage SOC tooling, service partnerships, and performance; ensure clear expectations, measurable SLAs, and continuous value delivery.
  • Develop and maintain program metrics, KPIs, and executive-ready reporting; track effectiveness and drive improvements in speed, quality, and consistency.
  • Partner with Legal, Privacy, HR, GRC, Risk Management, and IT to align response processes, documentation, and communication practices.
  • Evaluate, plan, and implement security operations improvements and supporting solutions; keep practices aligned with evolving standards and best practices.

Qualifications and Competencies:

  • Experience managing, leading, and developing remote/distributed teams with diverse backgrounds and skill levels.
  • Demonstrated success designing and running SOC and incident response processes across traditional enterprise environments and modern cloud/SaaS services.
  • Strong, current knowledge of security operations tradecraft: alert triage, investigation, containment/recovery coordination, post-incident reviews, and continuous improvement.
  • Expertise with security telemetry and analytics: SIEM engineering, log normalization, detection content development, alert tuning, and correlation across endpoint/network/cloud/identity sources.
  • Working knowledge of security automation/orchestration (SOAR) and integration patterns (APIs, webhooks, scripting) to reduce toil and improve response consistency.
  • Strong fundamentals in Windows and Linux administration, networking, and modern enterprise services; able to go deep when needed and translate technical details for stakeholders.
  • Solid understanding of identity and access controls (SSO, MFA, conditional access concepts) and the role of identity telemetry in detection and response.
  • Ability to lead high-severity investigations with calm, clarity, and strong judgment; comfortable serving as incident commander and coordinating across teams.
  • Excellent written and verbal communication skills, including executive-ready status updates, post-incident reporting, and roadmap/strategy presentations.
  • Familiarity with relevant privacy, regulatory, and eDiscovery considerations for incident response (documentation, evidence handling, and reporting workflows).
  • Strong project leadership skills with a track record of delivering measurable improvements.
  • Flexibility to support incident response needs outside of standard business hours, as required.
  • Ability to travel both domestically and internationally (est. no more than 10%).
  • Supportive leader: highly motivated, self-directed, collaborative, and perpetually curious.
  • Commitment to ongoing security learning and professional development (training and certifications).
  • Required: 7+ years relevant professional experience in security operations and incident response.
  • Required: 3+ years managing or leading others in a security operations/incident response context.
  • Preferred: Degree in a related field or equivalent practical experience.
  • Preferred: Advanced professional security certifications (e.g., CISSP, CISM, GIAC or similar).
  • US Person as defined under EAR PART 772 AND ITAR 120.15

This description has been designed to indicate the general nature and level of work being performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Crane Company is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, sexual orientation, general identity, national origin, disability or veteran status.