Reports to: Senior Director of Threat Detection and Response Location: Remote US Compensation Range: $170,000 to $205,000 base plus bonus and equity What We Do: Huntress is a fully remote, global team of passionate experts and ethical badasses on a mission to break down the barriers to cybersecurity. Whether creating purpose-built security solutions, hunting down hackers, or impacting our community, our people go above and beyond to change the security game and make a real difference. Founded in 2015 by former NSA cyber operators, Huntress protects all businesses—not just the 1%—with enterprise-grade, fully owned, and managed cybersecurity products at the price of an affordable SaaS application. The Huntress difference is our One Team advantage: our technology is designed with our industry-defining Security Operations Center (SOC) in mind and is never separated from our service. We protect 4M+ endpoints and 7M+ identities worldwide, elevating underresourced IT teams with protection that works as hard as they do. As long as hackers keep hacking, Huntress keeps hunting. What You’ll Do As the Senior Manager of SOC Triage, you will lead the critical "front line" of our Security Operations Center. You are responsible for a team that reviews high-volume, low-fidelity security signals to qualify potential threats for our senior Analysis team. Your mission is to maximize detection surface area while serving as a strategic leader for the SOC's primary talent incubator. You will balance operational excellence—ensuring the "noise" is reviewed effectively—with a deep commitment to people development, preparing the next generation of security analysts for career progression. Roles and Responsibilities: Team Leadership & Talent Pipeline: Lead, mentor, and manage a high-performing Triage team. Develop and hold regular career conversations, facilitating an inclusive environment and acting as a steward of company culture. Operational Strategy: Define team priorities and set measurable goals (e.g., data reviewed, escalation quality, incidents identified. Identify and scope the team’s work in partnership with SOC leadership. Signal & Escalation Oversight: Oversee the "Signal Review & Qualification" function to ensure rapid, consistent decision-making based on established playbooks. Ensure qualified threats are escalated with clear, concise context to the Analysis team. What You Bring To The Team: Experience: 4+ years of progressive experience in Security Operations (SOC), threat hunting, or incident response, with at least 3+ years in a leadership/management role. Leadership Mastery: Proven ability to develop and mentor team members, specifically in a high-volume, entry-to-mid-level technical environment. Analytical Mindset: Expert-level ability to identify and surface patterns in security data and translate those insights into solutions or process improvements. Technical Knowledge: Deep understanding of the modern threat landscape, common attacker TTPs (e.g., suspicious inbox rules, persistence mechanisms), and SOC orchestration tools. Communication: Outstanding ability to articulate the "root cause" of problems using first principles and present technical strategy to executive leadership. Adaptability: A forward-thinking mindset with a passion for driving change in a cloud-first, fully remote environment. What We Offer: 100% remote work environment - since our founding in 2015 Generous paid time off policy, including vacation, sick time, and paid holidays 12 weeks of paid parental leave Highly competitive and comprehensive medical, dental, and vision benefits plans 401(k) with a 5% contribution regardless of employee contribution Life and Disability insurance plans Stock options for all full-time employees One-time $500 reimbursement for building/upgrading home office Annual allowance for education and professional development assistance $75 USD/month digital reimbursement Access to the BetterUp platform for coaching, personal, and professional growth Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status. We do discriminate against hackers who try to exploit businesses of all sizes. Accommodations: If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com . Please note that non-accommodation requests to this inbox will not receive a response. Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights. #BI-Remote

• Define and lead the DevSecOps vision and roadmap across infrastructure, application, and CI/CD ecosystems. • Architect secure-by-design cloud-native systems across AWS/GCP environments. • Establish security patterns, guardrails, and reference architectures for engineering teams. • Evaluate and implement modern security tooling across SAST, DAST, SCA, container scanning, IaC scanning, and runtime protection. • Embed security controls into CI/CD pipelines and developer workflows. • Drive infrastructure-as-code security best practices (Terraform, CloudFormation, etc.). • Automate security testing and compliance checks to reduce manual overhead. • Implement policy-as-code and automated governance controls. • Lead identity and access management (IAM) strategy and least-privilege enforcement. • Strengthen container and Kubernetes security posture. • Oversee secrets management, encryption standards, and key management processes. • Partner with infrastructure teams on network segmentation, zero-trust architectures, and environment isolation. • Support and mature Alto’s security program in alignment with HIPAA, SOC 2, HITRUST, and other healthcare regulatory frameworks. • Conduct threat modeling, security design reviews, and architecture risk assessments. • Partner with Security and Compliance teams on audits and remediation efforts. • Provide senior-level leadership during security incidents, including root cause analysis and long-term mitigation planning. • Mentor senior and mid-level engineers on secure coding and DevSecOps practices. • Influence engineering leadership and executive stakeholders on security strategy and risk prioritization. • Drive cross-functional alignment across Engineering, Product, IT, and Compliance. • Raise the overall security maturity of the organization through scalable frameworks and standards.

• Serve as the technical authority for CMASS IV security operations and authorization support • Lead ongoing authorization (OA/cATO), continuous monitoring execution, RMF artifact quality, and compliance alignment with DHS and USCIS security requirements • Designated Key Personnel due to its critical role in operational security execution and audit readiness • Lead continuous monitoring and OA/cATO execution across USCIS systems • Oversee development and maintenance of SSPs, SAPs, SARs, POA&Ms, and supporting evidence • Ensure control validation and security posture consistency across supported directorates • Coordinate with system owners, Authorizing Officials (AOs), ISSOs, and engineering teams • Ensure alignment with DHS 4300A, ISPP, and USCIS security policies • Support audits, assessments, and leadership briefings related to security posture

• Ability to autonomously prioritize and successfully deliver across a portfolio of projects. • Learn and keep up with current cyber threats, attack methodology, active campaigns, and detection techniques using a wide variety of capabilities and sources (GOTS, COTS, and Open Source). • Understand and utilize cyber threat intelligence sources. • Familiarity with key security events on common IT platforms. • Experience authoring security runbooks, policy, and best practice documentation. • Preferred experience in the areas of SecOps, Security Analytics, SIEM/SOAR, etc. • Proficiency in developing log ingestion and aggregation strategies. • Expertise developing security-focused content for one or more SIEM platforms (Splunk, CrowdStrike NG-SIEM, Elastic Security or Palo Alto XSIAM), including creation of complex threat detection logic and operational dashboards. • Understand and articulate complex technical information to both technical and non-technical audiences. • Demonstrated experience in the identification and assessment of the relevance and effectiveness of signatures and indicators of compromise based on intelligence. • Experience developing and providing regular and ad hoc briefs, documents, diagrams and other products.