Booz Allen Hamilton is an award-winning provider of strategic innovation, management consulting, technology, and engineering services. Founded in 1914, the comp
Security Operations Analyst
Location
Alabama
Posted
2 days ago
Salary
$61.9K - $141K / year
Seniority
Senior
Job Description
Security Operations Analyst
Booz Allen Hamilton
Location: Huntsville, United States

Job Description: Security Operations Analyst, Mid

The Opportunity:
Respond to and resolve cybersecurity incidents, and proactively prevent the reoccurrence of these incidents. Apply leading-edge principles, theories, and concepts. Contribute to the development of new principles and concepts. Work on unusually complex problems and provide highly innovative solutions. Operate with substantial latitude for unreviewed action or decision. Mentor or supervise employees and technical competencies.

You Have:
- 5+ years of experience supporting Information Technology or Intelligence Operations
- Experience supporting a Computer Incident Response Team, Cyber Network Operations, or Security Operations Center (SOC) operations for a large and complex enterprise
- Experience with Intelligence Driven Defense, Cyber Kill Chain methodology, or MITRE ATT&CK framework
- Knowledge of industry-accepted standards for incident response actions and best practices for SOC operations
- Knowledge of security operation tools, including SIMs or DCAP analysis
- Knowledge of intrusion set tactics, techniques, and procedures
- Top Secret clearance
- Bachelor's degree

Nice If You Have:
- Experience with Microsoft Sentinel
- Experience with Splunk
- TS/SCI clearance with a polygraph
- GIAC Continuous Monitoring (GMON) Certification
- GIAC Certified Incident Handler (GCIH) Certification
- GIAC Certified Forensic Analyst (GCFA) Certification
- GIAC Certified Intrusion Analyst (GCIA) Certification
- GIAC Network Forensic Analyst (GNFA) Certification
- GIAC Cloud Threat Detection (GCTD) Certification
- GIAC Cloud Forensics Responder (GCFR) Certification

Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.

Compensation
At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $61,900.00 to $141,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date.

Identity Statement
As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Candidate AI Usage Policy
AI is a part of our daily work at Booz Allen, and we are committed to the responsible and ethical use of AI tools. However, we want to ensure a fair candidate process based on your own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) or other tools to assist with responses during interviews (whether in-person or virtual) is prohibited unless permission is explicitly provided.

Work Model
Our people-first culture prioritizes the benefits of collaboration, whether it occurs in person or virtually. To support engagement and effective communication, employees working virtually are generally expected to have their cameras on during meetings.
- Remote: If this position is listed as remote, there may still be occasions when you are required to work in person at a Booz Allen or customer facility.
- Hybrid: If this position is listed as hybrid, you will be expected to work from a Booz Allen facility frequently, in alignment with leadership expectations and the needs of the role. You may also be required to work from or visit a customer facility.
- Onsite: If this position is listed as onsite, work will primarily be performed at a Booz Allen office or customer facility, where employees will collaborate directly with colleagues and customers as required by the role.

Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.
More Security Operations Jobs
Senior CSOC Engineer
Fastly
Founded in 2001, Fastly is a privately-held internet company offering the Fastly Edge Cloud platform, a content delivery network that helps digital businesses s
• Design, develop, and refactor our custom internal security platform across both the backend (FastAPI) and frontend (React).
• Partner with security analysts to turn manual workflows into automated, reliable processes.
• Integrate and operationalise AI/ML utilities (such as LLMs) into our security platform to assist analysts with threat investigation and incident summarisation.
• Work with our infrastructure in GCP, using Kubernetes for orchestration and Terraform for resource management.
• Leverage our monitoring and alerting tools (Prometheus/Grafana) to detect failures early and maintain high availability across the internal security platform the team owns.
• Build and maintain API integrations that connect our detection tools, ticketing systems, and customer environments.
• Champion code quality through code reviews, testing practices and CI/CD pipelines.
Manager, Security Operations
Figma
Figma was founded in 2012 to build a collaborative, professional-grade interface design tool for the digital age. Created specifically for interface design and built entirely in th

Role Description
Figma's Security team is growing, and we're looking for a Security Operations Manager to lead the strategy and execution of our security operations program. In this role, you'll build and scale the systems, processes, and tooling that help protect Figma and our community. You'll partner closely with Security Engineering, Platform Security, IT, GRC, and Legal to strengthen our detection and response capabilities, improve operational resilience, and help shape the future of our DART and SOC functions. This is a full-time role that can be held from one of our US hubs or remotely in the United States.

What you'll do at Figma:
- Own Figma's security monitoring and incident response program, from detection engineering through post-incident review and continuous improvement.
- Build and automate security operations workflows, including alert triage, enrichment, investigation, and response actions using SOAR and custom tooling.
- Develop and maintain incident response run books, escalation procedures, and communication plans for security events of varying severity.
- Lead incident response preparedness initiatives, including tabletop exercises, red team engagements, and response capability assessments.
- Improve the effectiveness of our SIEM and SOAR platforms by reducing noise, increasing signal fidelity, and closing detection coverage gaps.
- Build and operationalize threat intelligence capabilities to identify adversary behaviors, prioritize investments, and strengthen detection and response programs.
- Partner with Legal, Privacy, and Communications teams to support breach notification and regulatory response obligations during significant security incidents.
- Drive security operations strategy through vendor management, operational metrics, and cross-functional initiatives spanning IAM, vulnerability management, DLP, and exposure reduction.

Qualifications
- 7+ years of experience in security operations, incident response, or a related security engineering function.
- Hands-on experience building and automating detection and response workflows using scripting, APIs, or security automation platforms.
- Deep expertise with SIEM and SOAR technologies in a cloud-native or SaaS environment.
- Demonstrated success building, scaling, or significantly improving a detection and response program.
- Experience leading complex security incidents and partnering with Legal, Privacy, and business stakeholders during high-impact events.

Requirements
While it's not required, it's an added plus if you also have:
- Operated in a public company environment with SOX, ISO 27001, SOC 2, or FedRAMP requirements.
- Applied AI risk management frameworks such as NIST AI RMF, OECD AI Principles, or ISO 42001.
- Utilized AI-powered tools to automate security operations workflows and improve team efficiency.

Benefits
Figma offers equity to employees, as well as a competitive package of additional benefits, including:
- Health, dental & vision.
- Retirement with company contribution.
- Parental leave & reproductive or family planning support.
- Mental health & wellness benefits.
- Generous PTO.
- Company recharge days.
- Learning & development stipend.
- Work from home stipend.
- Cell phone reimbursement.
- Sales incentive pay for most sales roles.
- Annual bonus plan for eligible non-sales roles.
Security Operations Analyst
Huntress
Managed endpoint protection, detection and response for the 99% who need it most.
• Triage, investigate, and respond to alerts coming in from the Huntress platform.
• Perform tactical review of EDR telemetry, log sources, and forensic artifacts to determine the root cause of attacks, where possible, and provide remediations needed to remove the threat.
• Perform tactical malware analysis as part of investigating and triaging alerts.
• Investigate suspicious Microsoft M365 activity and provide remediations.
• Assist in escalations from the Product Support team for threat-related and SOC-relevant questions.
• Contribute to detection engineering creation and tuning efforts.
• Contribute to projects focused on driving better outcomes for our analysts and partners.
• Contribute to our collaboratively mentored team (we're all here to make each other better!).
Security Operations Lead
Digital Science
Advancing the research ecosystem. Together, we make open, collaborative and inclusive research possible.
• Work with various stakeholders from across the group, to ensure security operations practices, policies, and systems are robust, pragmatic and aligned with strategic objectives.
• Define, build, and maintain a comprehensive security operations architecture that addresses current and emerging threats.
• Manage delivery of cyber security projects and co-ordinate business security initiatives to support the organisation’s security posture and strategic goals.
• Provide expert consultancy to technology teams on both reactive (day-to-day issues) and proactive (strategic) security matters.
• Maintain Security Operations documentation, records and evidence to support security assessments, audits, and compliance with legal, regulatory and customer requirements.
• Oversee and enforce adherence to technical security policies, standards, best practices, and customer requirements.
• Lead the monitoring, detection, and investigation of security events & alerts; maintain and improve security control automation, logging, alerting, vulnerability scanning and threat detection capabilities.
• Own incident response procedures; coordinate incident handling, ensure relevant stakeholders and third parties are engaged, lead follow-up actions until resolution.
• Manage and oversee security testing: internal automated technical controls capture and scans, third-party assessments, penetration tests, ensuring findings are tracked and remediated.
• Ensure security controls and processes are integrated across systems, applications, and cloud infrastructure.
• Develop KPIs, SLAs, dashboards to measure and report performance, including response times, false positives, remediation progress etc.
• Stay up-to-date with regulatory/compliance frameworks (e.g. EU Cyber Resilience Act, EU AI Act, ISO 27001, GDPR, PCI-DSS, NIST, NCSC), threat landscape changes and emerging technologies.
• Work across the organisation and beyond to promote best practice across Digital Science, making recommendations for improvements to cyber security practices in line with industry standards and learnings from security incidents.
• Prepare cyber security responses and evidence for internal and external parties.
• Take an active role in information security forums, councils and communities within and outside of the organisation.




