1. UD Home
  2. Human Resources
  3. Careers
Job Alerts Back to career search

Director, Security Operations

Apply now Job no: 502903
College / VP Area: Vice President for IT
Work type: Staff
Location: Newark, DE
Categories: Information Technology, Full Time

Curious about the full value of working at UD? In addition to salary, our Total Rewards benefits and Compensation Estimator give you a clear view of the complete package.

Pay Grade: 33S
 
Context of Job
The Director of Security Operations is a senior cybersecurity leader responsible for designing, executing, and continually improving the institution’s security operations capabilities. This role provides strategic and hands-on leadership across the Security Operations Center, incident response, digital forensics, vulnerability management, endpoint detection and response (EDR/XDR), firewall and network security, and coordination with Managed Detection and Response (MDR) providers.

The Director works closely with central IT, schools and colleges, legal counsel, privacy, compliance, and external investigators to ensure effective detection, response, investigation, and recovery from cybersecurity incidents in a complex higher-education environment that includes on-premises, cloud, and research systems. This role is accountable for ensuring cybersecurity operations balance risk reduction with usability and operational needs across academic, administrative, research, and affiliated units.

The Director, Security Operations and SOC, reports to the Chief Information Security Officer (CISO).

Major Responsibilities:

Security Operations & SOC Leadership
  • Establish and lead a mature, outcomes-driven SOC operating model aligned with higher education risk, academic openness, and regulatory requirements.
  • Define SOC strategy, operating procedures, escalation models, and service maturity roadmap.
  • Lead, mentor, and develop SOC analysts, incident responders, and security engineers across distributed campus environments.
  • Provide operational leadership supporting multiple schools, colleges, research units, and administrative systems.
  • Ensure technical security controls, processes, and services operate effectively to support prevention, detection, response, and recovery capabilities.
  • Act as a change agent, driving the adoption of new security technologies and operational processes to improve cyber resilience.
  • Lead multiple security operations teams and initiatives concurrently, prioritizing service improvement projects based on risk and value.
  • Threat Detection, MDR & EDR/XDR
  • Own threat detection and response across networks, endpoints, servers, cloud platforms, and SaaS environments.
  • Serve as the primary institutional owner for MDR services, ensuring alignment with internal SOC workflows, SLAs, and escalation paths.
  • Oversee EDR/XDR platforms, detection tuning, threat hunting, and response automation.
  • Validate detection coverage using frameworks such as MITRE ATT&CK.

Incident Response, Forensics & Investigations
  • Lead security incident response activities, including containment, eradication, recovery, and post-incident analysis.
  • Develop, maintain, and regularly test incident response plans (IRP), playbooks, and tabletop exercises.
  • Oversee digital forensics investigations, including endpoint, network, log, and cloud-based forensic analysis.
  • Coordinate litigation holds, evidence preservation, and chain-of-custody requirements in collaboration with Legal, Compliance, and Privacy offices.
  • Act as the primary security liaison with external investigators, law enforcement, cyber insurance carriers, and third-party forensic firms when required.
  • Ensure proper documentation and reporting for regulatory, legal, and institutional requirements.
  • Oversee digital forensics activities, including endpoint, network, cloud, and application-level investigations.
  • Coordinate with Legal, Privacy, and Compliance teams to support litigation holds, evidence preservation, and regulatory inquiries.
  • Engage and manage external investigators, cyber insurance partners, and third-party forensic firms during major incidents.
  • Ensure incident response activities support post-incident reporting, lessons learned, and operational improvements.
  • Cloud & Modern Infrastructure Security
  • Lead security operations for cloud platforms (e.g., Azure, GCP, AWS), including incident response and forensic investigations in cloud-native environments.
  • Partner with system, network, HPS, infrastructure, and enterprise application teams to integrate security logging, monitoring, and response into cloud and hybrid architectures.
  • Oversee security operations for SaaS platforms commonly used in higher education.
  • Provide oversight for application and platform security testing, including secure development practices and DevSecOps integration.
  • Support cloud-native forensic investigations and security monitoring across IaaS, PaaS, and SaaS platforms.
  • Ensure security operations integrate with modern application delivery pipelines and enterprise platforms.

Firewall & Network Security Ownership
  • Own and manage the campus Palo Alto next-generation firewall environment, including:
  • Architecture and design
  • Rulebase governance and segmentation
  • Secure zone and enclave design
  • Change management and performance optimization
  • Design firewall and network security solutions that balance academic access, research needs, and institutional risk.
  • Collaborate closely with network engineering teams to enforce security controls across campus and data centers.

Vulnerability Management
  • Own the enterprise vulnerability management program, including scanning, risk-based prioritization, remediation tracking, and reporting.
  • Coordinate remediation efforts across central IT, distributed school IT teams, and system owners.
  • Integrate vulnerability data into SOC detection and response workflows.
  • Oversee vulnerability, configuration, and attack surface management programs across endpoints, servers, cloud workloads, and applications.
  • Ensure vulnerability remediation efforts are risk-based, measurable, and aligned with institutional priorities.

Governance, Risk & Compliance
  • Ensure security operations align with relevant frameworks and regulations (e.g., NIST, HIPAA, FERPA, PCI-DSS).
  • Support audits, risk assessments, and compliance reviews through operational evidence and reporting.
  • Partner with institutional leadership to translate technical risk into business and academic impact.

Metrics, Reporting & Executive Communication
  • Define and track SOC metrics (e.g., MTTD, MTTR, alert quality, incident trends).
  • Provide clear, actionable security reporting to senior leadership, CIO/CISO, and governance committees.
  • Communicate incident impact, response actions, and risk posture in non-technical terms.
  • Serve as a senior advisor to executive leadership, schools, colleges, and research units on cybersecurity operational risk.
  • Oversee service delivery commitments, including internal and external SLAs, ensuring operational and financial targets are met.
  • Champion collaboration across IT, academic units, healthcare, and research environments to embed security into operations.
  • Recruit, mentor, and develop high-performing cybersecurity professionals, building both technical depth and leadership capacity.
  • Ensure team skills evolve to support future operational and threat landscape needs.

Vendor, Budget & Program Management
  • Manage SOC-related vendors, tools, and service providers, including MDR, EDR, SIEM, forensic tools, and firewall platforms.
  • Oversee budgeting, procurement, and lifecycle management for security operations technologies.
  • Continuously evaluate and improve tools, automation, and processes.
  • Design and execute multi-year security operations roadmaps aligned with institutional strategy and regulatory obligations.
  • Develop and manage the security operations budget, ensuring effective allocation of resources and measurable return on investment (ROI).
  • Evaluate the value, cost, and risk reduction impact of security initiatives to guide prioritization and funding decisions.
 
Qualifications:
  • Bachelor’s degree in cybersecurity, information technology, computer science, or a related field.
     
  • Eight years of progressive experience in cybersecurity operations, including 5+ years in security leadership roles.
  • Demonstrated experience leading SOC, incident response, digital forensics, and enterprise security operations.
  • Hands-on experience with EDR/XDR, SIEM, firewalls (Palo Alto preferred), vulnerability management, and cloud security.
  • Experience coordinating forensic investigations, litigation holds, and working with external investigators.
  • Proven ability to lead security operations in complex, decentralized environments such as higher education.
  • Strong leadership, communication, and stakeholder management skills.

Notice of Non-Discrimination and Equal Opportunity
The University of Delaware does not discriminate against any person on the basis of race, color, national origin, sex, gender identity or expression, sexual orientation, genetic information, marital status, disability, religion, age, veteran status or any other characteristic protected by applicable law in its employment, educational programs and activities, admissions policies, and scholarship and loan programs as required by Title IX of the Educational Amendments of 1972, the Americans with Disabilities Act of 1990, Section 504 of the Rehabilitation Act of 1973, Title VII of the Civil Rights Act of 1964, and other applicable statutes and University policies. The University of Delaware also prohibits unlawful harassment including sexual harassment and sexual violence.

Applications close:

Back to search results Apply now Refer a friend